cnvd - cnvd-2019-39901

cnvd-2019-39901

Vulnerability from cnvd

Title

Oracle Fusion Middleware Business Process Management Suite组件访问控制错误漏洞

Description

Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台，该平台提供了中间件、软件集合等功能。Business Process Management Suite是其中的一个业务流程管理组件。 Oracle Fusion Middleware Business Process Management Suite组件存在访问控制错误漏洞。攻击者可利用该漏洞未授权访问、创建、删除或修改数据，影响数据的保密性和完整性。

Severity

中

Patch Name

Oracle Fusion Middleware Business Process Management Suite组件访问控制错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Reference

http://www.securitytracker.com/id/1041310

Impacted products

Name
['Oracle Fusion Middleware Business Process Management Suite 11.1.1.7.0', 'Oracle Fusion Middleware Business Process Management Suite 11.1.1.9.0', 'Oracle Fusion Middleware Business Process Management Suite 12.1.3.0.0', 'Oracle Fusion Middleware Business Process Management Suite 12.2.1.2.0', 'Oracle Fusion Middleware Business Process Management Suite 2.2.1.3.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3100",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3100"
    }
  },
  "description": "Oracle Fusion Middleware\uff08Oracle\u878d\u5408\u4e2d\u95f4\u4ef6\uff09\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u548c\u4e91\u73af\u5883\u7684\u4e1a\u52a1\u521b\u65b0\u5e73\u53f0\uff0c\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u4e2d\u95f4\u4ef6\u3001\u8f6f\u4ef6\u96c6\u5408\u7b49\u529f\u80fd\u3002Business Process Management Suite\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4e1a\u52a1\u6d41\u7a0b\u7ba1\u7406\u7ec4\u4ef6\u3002\n\nOracle Fusion Middleware Business Process Management Suite\u7ec4\u4ef6\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u3001\u521b\u5efa\u3001\u5220\u9664\u6216\u4fee\u6539\u6570\u636e\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-39901",
  "openTime": "2019-11-10",
  "patchDescription": "Oracle Fusion Middleware\uff08Oracle\u878d\u5408\u4e2d\u95f4\u4ef6\uff09\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u4f01\u4e1a\u548c\u4e91\u73af\u5883\u7684\u4e1a\u52a1\u521b\u65b0\u5e73\u53f0\uff0c\u8be5\u5e73\u53f0\u63d0\u4f9b\u4e86\u4e2d\u95f4\u4ef6\u3001\u8f6f\u4ef6\u96c6\u5408\u7b49\u529f\u80fd\u3002Business Process Management Suite\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4e1a\u52a1\u6d41\u7a0b\u7ba1\u7406\u7ec4\u4ef6\u3002\r\n\r\nOracle Fusion Middleware Business Process Management Suite\u7ec4\u4ef6\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u3001\u521b\u5efa\u3001\u5220\u9664\u6216\u4fee\u6539\u6570\u636e\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Fusion Middleware Business Process Management Suite\u7ec4\u4ef6\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle Fusion Middleware Business Process Management Suite 11.1.1.7.0",
      "Oracle Fusion Middleware Business Process Management Suite 11.1.1.9.0",
      "Oracle Fusion Middleware Business Process Management Suite 12.1.3.0.0",
      "Oracle Fusion Middleware Business Process Management Suite 12.2.1.2.0",
      "Oracle Fusion Middleware Business Process Management Suite 2.2.1.3.0"
    ]
  },
  "referenceLink": "http://www.securitytracker.com/id/1041310",
  "serverity": "\u4e2d",
  "submitTime": "2018-08-03",
  "title": "Oracle Fusion Middleware Business Process Management Suite\u7ec4\u4ef6\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2018-3100 (GCVE-0-2018-3100)

Vulnerability from cvelistv5

Published

2018-07-18 13:00

Modified

2024-10-02 19:48

Severity ?

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data.

Summary

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

References

URL

Tags

	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104813	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1041310	vdb-entry, x_refsource_SECTRACK