Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Endeca Information Discovery Integrator by Oracle Corporation

    CVE-2018-3215 (GCVE-0-2018-3215)

    Vulnerability from nvd – Published: 2018-10-17 01:00 – Updated: 2024-10-02 19:35
    VLAI
    Summary
    Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data.
    Assigner
    References
    Impacted products
    Date Public
    2018-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:43:34.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105645",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105645"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-3215",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:06:34.656319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:35:21.369Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Endeca Information Discovery Integrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as  unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "105645",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105645"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-3215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Endeca Information Discovery Integrator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.1.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "3.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as  unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105645",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105645"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-3215",
        "datePublished": "2018-10-17T01:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-02T19:35:21.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3215 (GCVE-0-2018-3215)

    Vulnerability from cvelistv5 – Published: 2018-10-17 01:00 – Updated: 2024-10-02 19:35
    VLAI
    Summary
    Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data.
    Assigner
    References
    Impacted products
    Date Public
    2018-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:43:34.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105645",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105645"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-3215",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:06:34.656319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:35:21.369Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Endeca Information Discovery Integrator",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.2.0"
                }
              ]
            }
          ],
          "datePublic": "2018-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as  unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "105645",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105645"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-3215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Endeca Information Discovery Integrator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.1.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "3.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as  unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105645",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105645"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-3215",
        "datePublished": "2018-10-17T01:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-02T19:35:21.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }