CVE-2018-3167

MEDIUM NUCLEI

Oracle E-Business Suite <12.2.8 - Info Disclosure

Title source: llm

Description

Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Nuclei Templates (1)

Oracle E-Business Suite - Blind SSRF

MEDIUMby geeknik

References (3)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105627

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041897

Scores

CVSS v3 5.3

EPSS 0.6803

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (6)

oracle/application_management_pack 12.1.3

oracle/application_management_pack 12.2.3

oracle/application_management_pack 12.2.4

oracle/application_management_pack 12.2.5

oracle/application_management_pack 12.2.6

oracle/application_management_pack 12.2.7

Published Oct 17, 2018

Tracked Since Feb 18, 2026