When exporting data from Oracle Enterprise Data Quality, the following error message might appear if the Security setting of the target environment is enabled.
CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). When exporting data from Oracle Enterprise Data Quality, the following error message might appear if the Security setting of the target environment is enabled. CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). On the 12.2.1.3.0 and 12.2.1.4.0 versions, the following SQL injection vulnerability
SQL Injection
CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). On the 12.2.1.3.0 and 12.2.1.4.0 versions, the following SQL injection vulnerability
When exporting data from Oracle Enterprise Data Quality, the following error message might appear if the Security setting of the target environment is enabled
SQL Injection vulnerability vulnerability
When exporting data from Oracle Enterprise Data Quality, the following SQL injection vulnerability could exist in the application.
CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). When exporting data from Oracle Enterprise Data Quality, the following SQL injection vulnerability could exist in the application.
SQL Injection Vulnerability
CVE-2018-2736 is a vulnerability in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
This security issue is only available on the 12.2.1.3.0 and 12.2.1.4.0 versions, and it will be fixed in 12-Factor releases as well as the next patch release that is planned for early October 2018 (12-FBR3).
Overview
CVE-2018-2736: A vulnerability was discovered in Oracle Enterprise Data Quality where the application does not perform a proper validation of the XLSX file format before attempting to import it. This could lead to data extraction leading to unauthorized access. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC