Learn about CVE-2018-2655 affecting Oracle Work in Process component of Oracle E-Business Suite. Unauthenticated attackers can exploit the system via HTTP, leading to unauthorized data access and manipulation.
Oracle Work in Process component of Oracle E-Business Suite has a vulnerability that allows unauthenticated attackers to compromise the system through HTTP. This CVE affects versions 12.1.1 to 12.2.7.
Understanding CVE-2018-2655
This CVE impacts the Oracle Work in Process component of Oracle E-Business Suite, particularly in the Assemble/Configure to Order subcomponent.
What is CVE-2018-2655?
The vulnerability allows attackers to exploit the system without authentication via HTTP.
Successful exploitation can lead to unauthorized data manipulation and access.
The CVSS 3.0 Base Score is 9.1, affecting confidentiality and integrity.
The Impact of CVE-2018-2655
Unauthorized creation, deletion, or modification of critical data is possible.
Attackers can gain unauthorized access to all data accessible by Oracle Work in Process.
Technical Details of CVE-2018-2655
This section provides detailed technical information about the CVE.
Vulnerability Description
Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite.