CVE-2018-3167

MEDIUM NUCLEI

Oracle E-Business Suite <12.2.8 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2018-3167 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Nuclei Templates (1)

Oracle E-Business Suite - Blind SSRF

MEDIUMby geeknik

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041897

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105627

Scores

CVSS v3 5.3

EPSS 0.1712

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

Status published

Products (6)

oracle/application_management_pack 12.1.3

oracle/application_management_pack 12.2.3

oracle/application_management_pack 12.2.4

oracle/application_management_pack 12.2.5

oracle/application_management_pack 12.2.6

oracle/application_management_pack 12.2.7

Published Oct 17, 2018

Tracked Since Feb 18, 2026