Unauthenticated Blind SSRF in Oracle EBS CVE-2018-3167 Scanner

Details
Stay Up To Date
Asset Type

domain,ip,url

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Unauthenticated Blind SSRF in Oracle EBS CVE-2018-3167 Scanner Detail

Oracle EBS contains a server side request forgery vulnerability.

Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Some Advice for Common Problems

Update your Oracle EBS to the latest version to eliminate this vulnerability.

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service