What is the severity of CVE-2018-3138?

CVE-2018-3138 has a high severity rating due to its ability to allow unauthenticated attackers to exploit vulnerable Oracle E-Business Suite applications.

How do I fix CVE-2018-3138?

To address CVE-2018-3138, update your Oracle E-Business Suite to the latest recommended version provided by Oracle.

Which versions of Oracle Application Object Library are affected by CVE-2018-3138?

CVE-2018-3138 affects Oracle Application Object Library versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7.

Who can exploit CVE-2018-3138?

CVE-2018-3138 can be exploited by unauthenticated attackers with network access to the affected Oracle E-Business Suite.

What component of Oracle E-Business Suite is impacted by CVE-2018-3138?

CVE-2018-3138 impacts the Attachments/File Upload component within the Oracle Application Object Library of Oracle E-Business Suite.

Vulnerability/
CVE-2018-3138

high

8.2

17/10/2018

2/10/2024

CVE-2018-3138

First published: Wed Oct 17 2018(Updated: )

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle Application Object Library	=12.1.3
Oracle Application Object Library	=12.2.3
Oracle Application Object Library	=12.2.4
Oracle Application Object Library	=12.2.5
Oracle Application Object Library	=12.2.6
Oracle Application Object Library	=12.2.7

Remedy

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-3138?
CVE-2018-3138 has a high severity rating due to its ability to allow unauthenticated attackers to exploit vulnerable Oracle E-Business Suite applications.
How do I fix CVE-2018-3138?
To address CVE-2018-3138, update your Oracle E-Business Suite to the latest recommended version provided by Oracle.
Which versions of Oracle Application Object Library are affected by CVE-2018-3138?
CVE-2018-3138 affects Oracle Application Object Library versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7.
Who can exploit CVE-2018-3138?
CVE-2018-3138 can be exploited by unauthenticated attackers with network access to the affected Oracle E-Business Suite.
What component of Oracle E-Business Suite is impacted by CVE-2018-3138?
CVE-2018-3138 impacts the Attachments/File Upload component within the Oracle Application Object Library of Oracle E-Business Suite.

collector/nvd-index
agent/type
agent/softwarecombine
agent/severity
agent/author
agent/remedy
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/oracle
canonical/oracle application object library
version/oracle application object library/12.1.3
version/oracle application object library/12.2.3
version/oracle application object library/12.2.4
version/oracle application object library/12.2.5
version/oracle application object library/12.2.6
version/oracle application object library/12.2.7