CVE-2018-3246
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerabilidad en el componente Oracle WebLogic Server de Oracle Fusion Middleware (subcomponente: WLS - Web Services). Las versiones compatibles que se han visto afectadas son la 12.1.3.0 y 12.2.1.3. Esta vulnerabilidad fácilmente explotable permite que un atacante sin autenticar con acceso en red vía HTTP comprometa la seguridad de Oracle WebLogic Server. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-15 CVE Reserved
- 2018-10-17 CVE Published
- 2024-08-01 EPSS Updated
- 2024-10-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105628 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041896 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | 2019-10-03 | |
| https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | 2019-10-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Banking Platform Search vendor "Oracle" for product "Banking Platform" | 2.6.0 Search vendor "Oracle" for product "Banking Platform" and version "2.6.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Platform Search vendor "Oracle" for product "Banking Platform" | 2.6.1 Search vendor "Oracle" for product "Banking Platform" and version "2.6.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Platform Search vendor "Oracle" for product "Banking Platform" | 2.6.2 Search vendor "Oracle" for product "Banking Platform" and version "2.6.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite" | 11.1.1.9.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "11.1.1.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite" | 12.1.3.0.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "12.1.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite" | 12.2.1.3.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Converged Application Server Search vendor "Oracle" for product "Communications Converged Application Server" | < 7.0.0.1 Search vendor "Oracle" for product "Communications Converged Application Server" and version " < 7.0.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Webrtc Session Controller Search vendor "Oracle" for product "Communications Webrtc Session Controller" | < 7.2 Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version " < 7.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Repository Search vendor "Oracle" for product "Enterprise Repository" | 12.1.3.0.0 Search vendor "Oracle" for product "Enterprise Repository" and version "12.1.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Convenience And Fuel Pos Software Search vendor "Oracle" for product "Retail Convenience And Fuel Pos Software" | 2.8.1 Search vendor "Oracle" for product "Retail Convenience And Fuel Pos Software" and version "2.8.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Utilities Network Management System Search vendor "Oracle" for product "Utilities Network Management System" | 1.12.0.3 Search vendor "Oracle" for product "Utilities Network Management System" and version "1.12.0.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Utilities Network Management System Search vendor "Oracle" for product "Utilities Network Management System" | 2.3.0.0 Search vendor "Oracle" for product "Utilities Network Management System" and version "2.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Utilities Network Management System Search vendor "Oracle" for product "Utilities Network Management System" | 2.3.0.1 Search vendor "Oracle" for product "Utilities Network Management System" and version "2.3.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Utilities Network Management System Search vendor "Oracle" for product "Utilities Network Management System" | 2.3.0.2 Search vendor "Oracle" for product "Utilities Network Management System" and version "2.3.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal" | 11.1.1.9.0 Search vendor "Oracle" for product "Webcenter Portal" and version "11.1.1.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal" | 12.2.1.3.0 Search vendor "Oracle" for product "Webcenter Portal" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Server Search vendor "Oracle" for product "Weblogic Server" | 12.1.3.0.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.1.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Server Search vendor "Oracle" for product "Weblogic Server" | 12.2.1.3 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Server Search vendor "Oracle" for product "Weblogic Server" | 12.2.1.3.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.3.0" | - |
Affected
| ||||||