Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- CVE# Product Component Protocol Remote
- Exploit
- without
- Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
- Base
- Score Attack
- Vector Attack
- Complex Privs
- Req'd User
- Interact Scope Confid-
- entiality Inte-
- grity Avail-
- ability
- CVE-2018-2656 Oracle General Ledger Data Manager Server HTTP Yes 9.1 Network Low None None Un-
- changed High High None 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- CVE-2018-2655 Oracle Work in Process Assemble/Configure to Order HTTP Yes 9.1 Network Low None None Un-
- changed High High None 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- CVE-2017-3736 Application Server Tech Stack (OpenSSL) HTTPS Yes 5.9 Network High None None Un-
- changed High None None 12.1.3
- CVE-2018-2691 Oracle User Management Proxy User Delegation HTTP No 5.4 Network Low Low None Un-
- changed Low Low None 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- CVE-2018-2684 Oracle User Management Registration Process HTTP No 4.9 Network Low High None Un-
- changed High None None 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- CVE-2018-2635 Oracle Application Object Library Login HTTP Yes 4.8 Network High None None Un-
- changed Low Low None 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- CVE-2018-2580 Oracle Applications DBA ADPatch None No 4.4 Local Low High None Un-
- changed High None None 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- Additional CVEs addressed are below:
- The fix for CVE-2017-3736 also addresses CVE-2017-3735.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement