Learn about CVE-2018-2765 affecting Oracle Security Service in Oracle Fusion Middleware. An unauthenticated attacker can exploit this vulnerability via HTTPS, potentially leading to unauthorized data access.
Oracle Security Service component of Oracle Fusion Middleware has a vulnerability in the Oracle SSL API, affecting multiple versions. An unauthenticated attacker with network access via HTTPS can exploit this vulnerability, potentially leading to unauthorized data access.
Understanding CVE-2018-2765
This CVE involves a vulnerability in the Oracle Security Service component of Oracle Fusion Middleware, specifically in the Oracle SSL API.
What is CVE-2018-2765?
The vulnerability affects versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, and 12.2.1.3.0 of Oracle Security Service.
An unauthenticated attacker with network access via HTTPS can exploit this vulnerability.
Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible through Oracle Security Service.
The CVSS 3.0 base score for this vulnerability is 7.5, with an impact on confidentiality.
The Impact of CVE-2018-2765
Unauthorized access to critical data or complete access to all data accessible through Oracle Security Service.
Technical Details of CVE-2018-2765
This section provides technical details of the CVE.
Vulnerability Description
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware, specifically in the Oracle SSL API.
Affected Systems and Versions
Oracle Security Service versions: 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0, 12.2.1.3.0