Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Adaptive Access Manager by Oracle Corporation

    CVE-2018-2770 (GCVE-0-2018-2770)

    Vulnerability from nvd – Published: 2018-04-19 02:00 – Updated: 2024-10-03 20:20
    VLAI
    Summary
    Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data.
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040695 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103806 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2018-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:29:44.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040695",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040695"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "name": "103806",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2770",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:25:17.169610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:20:48.316Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Adaptive Access Manager",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as  unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-19T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "1040695",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040695"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "103806",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103806"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2770",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Adaptive Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "11.1.2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as  unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040695",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040695"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
                },
                {
                  "name": "103806",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103806"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2770",
        "datePublished": "2018-04-19T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:20:48.316Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2587 (GCVE-0-2018-2587)

    Vulnerability from nvd – Published: 2018-04-19 02:00 – Updated: 2024-10-03 20:24
    VLAI
    Summary
    Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation Access Manager Affected: 10.1.4.3.0
    Affected: 11.1.2.3.0
    Affected: 12.2.1.3.0
    Create a notification for this product.
    Oracle Corporation Adaptive Access Manager Affected: 11.1.2.3.0
    Create a notification for this product.
    Date Public
    2018-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.430Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040695",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040695"
              },
              {
                "name": "103822",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103822"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:23:18.228870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:24:22.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.4.3.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.2.3.0"
                },
                {
                  "status": "affected",
                  "version": "12.2.1.3.0"
                }
              ]
            },
            {
              "product": "Adaptive Access Manager",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as  unauthorized read access to a subset of Oracle Access Manager accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-20T14:49:58.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "1040695",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040695"
            },
            {
              "name": "103822",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103822"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "10.1.4.3.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "11.1.2.3.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "12.2.1.3.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Adaptive Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "11.1.2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as  unauthorized read access to a subset of Oracle Access Manager accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040695",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040695"
                },
                {
                  "name": "103822",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103822"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2587",
        "datePublished": "2018-04-19T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:24:22.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2587 (GCVE-0-2018-2587)

    Vulnerability from cvelistv5 – Published: 2018-04-19 02:00 – Updated: 2024-10-03 20:24
    VLAI
    Summary
    Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation Access Manager Affected: 10.1.4.3.0
    Affected: 11.1.2.3.0
    Affected: 12.2.1.3.0
    Create a notification for this product.
    Oracle Corporation Adaptive Access Manager Affected: 11.1.2.3.0
    Create a notification for this product.
    Date Public
    2018-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.430Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040695",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040695"
              },
              {
                "name": "103822",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103822"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:23:18.228870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:24:22.377Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.4.3.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.2.3.0"
                },
                {
                  "status": "affected",
                  "version": "12.2.1.3.0"
                }
              ]
            },
            {
              "product": "Adaptive Access Manager",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as  unauthorized read access to a subset of Oracle Access Manager accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-20T14:49:58.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "1040695",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040695"
            },
            {
              "name": "103822",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103822"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "10.1.4.3.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "11.1.2.3.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "12.2.1.3.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Adaptive Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "11.1.2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as  unauthorized read access to a subset of Oracle Access Manager accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040695",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040695"
                },
                {
                  "name": "103822",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103822"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2587",
        "datePublished": "2018-04-19T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:24:22.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2770 (GCVE-0-2018-2770)

    Vulnerability from cvelistv5 – Published: 2018-04-19 02:00 – Updated: 2024-10-03 20:20
    VLAI
    Summary
    Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data.
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040695 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/103806 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2018-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:29:44.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040695",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040695"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "name": "103806",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2770",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:25:17.169610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:20:48.316Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Adaptive Access Manager",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as  unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-19T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "1040695",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040695"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "103806",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103806"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2770",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Adaptive Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "11.1.2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Adaptive Access Manager.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adaptive Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Adaptive Access Manager accessible data as well as  unauthorized update, insert or delete access to some of Oracle Adaptive Access Manager accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040695",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040695"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
                },
                {
                  "name": "103806",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103806"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2770",
        "datePublished": "2018-04-19T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:20:48.316Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }