Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (10.1.3.5.0). The supported version that is affected is 10.1.3.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

CVE-2018-3356
Access Manager - Insecure Direct Object Reference Vulnerability
CVSS v2 Score: 5.5; CVSS v3 Score: 7.5
Access Manager
Access Manager allows a local, low privilege user to access data from any other user via a series of direct object references. An attacker can exploit this vulnerability to compromise Access Manager.
7.8

CVE-2018-3355
Access Manager - Insecure Direct Object Reference Vulnerability
CVSS v2 Score: 5.5; CVSS v3 Score: 7.5
Access Manager
Access Manager allows a local, low privilege user to access data from any other user via a series of direct object references. An attacker can exploit this vulnerability to compromise Access Manager.
7.8

CVE-2018-3354
Access Manager - Insecure Object Variable Usage Vulnerability
CVSS v2 Score: 5.5; CVSS v3 Score: 7.5
Access Manager
An issue was discovered in the Access Manager product where variables could be accessed when they weren't supposed to be accessed by using an insecure object reference. An attacker can exploit this vulnerability to compromise Access Manager.
7.8

Oracle recommends updating to the latest version of Oracle Access Manager 10.2.

Access Manager - Insecure Object Reference Vulnerability

Access Manager allows a local, low privilege user to access data from any other user via a series of direct object references. An attacker can exploit this vulnerability to compromise Access Manager.

Access Manager - Insecure Object Usage Vulnerability

The vulnerability is due to the fact that Access Manager allows any user with network access via HTTP to create or delete data. An attacker can exploit this vulnerability to compromise Access Manager. 7.8

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC
