cbcvebase.
CVE-2018-3167
published 2018-10-17

CVE-2018-3167: Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported…

PriorityP348medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
17.12%
96.7th percentile
Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected

12 ranges
VendorProductVersion rangeFixed in
oracleapplication_management_pack
oracleapplication_management_pack
oracleapplication_management_pack
oracleapplication_management_pack
oracleapplication_management_pack
oracleapplication_management_pack
oracle_corporationapplication_management_pack_for_oracle_e-business_suite
oracle_corporationapplication_management_pack_for_oracle_e-business_suite
oracle_corporationapplication_management_pack_for_oracle_e-business_suite
oracle_corporationapplication_management_pack_for_oracle_e-business_suite
oracle_corporationapplication_management_pack_for_oracle_e-business_suite
oracle_corporationapplication_management_pack_for_oracle_e-business_suite

Detection & IOCsextracted from sources · hover to see the quote

url/OA_HTML/lcmServiceController.jsp
  • Send an HTTP POST request to /OA_HTML/lcmServiceController.jsp and check for the string 'Unexpected text in DTD' in the response body with HTTP status 200 to confirm blind SSRF vulnerability.
  • The vulnerability is unauthenticated and reachable via HTTP with no prior authentication (PR:N, UI:N), making it trivially exploitable from the network.
  • Exploitation can be used to reach internal HTTP-enabled services (e.g., databases) or issue POST requests to unexposed internal services — monitor outbound HTTP connections originating from the EBS application server.
  • ·Affected versions are limited to Oracle E-Business Suite Application Management Pack versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7 — detections should be scoped to these versions.
  • ·The SSRF is blind — there is no direct response data leak; impact is limited to unauthorized read access to a subset of accessible data and internal service interaction.

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.