First published: Thu Jan 18 2018(Updated: )
Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Communications Unified Inventory Management | =7.2.4.2 | |
Oracle Communications Unified Inventory Management | =7.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-2571 is classified as an easily exploitable vulnerability that can be leveraged by low privileged attackers.
To remediate CVE-2018-2571, users should apply the latest security patches provided by Oracle for affected versions.
CVE-2018-2571 affects Oracle Communications Unified Inventory Management versions 7.2.4.2.x and 7.3.
Low privileged attackers with network access via HTTP are at risk of exploiting CVE-2018-2571.
CVE-2018-2571 affects the Portal component of the Oracle Communications Unified Inventory Management.