HTTP: Oracle E-Business Suite Blind Server-side Request Forgery

This signature detects attempts to exploit a known vulnerability against Oracle E-Business Suite. A successful attack can lead to elevation of privilege and arbitrary code execution.

Extended Description

A vulnerability exists in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). The affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks can result in unauthorized read access to a subset of the data accessible to Application Management Pack for Oracle E-Business Suite. CVSS 3.0 Base Score: 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected Products

Oracle application_management_pack

References

CVE: CVE-2018-3167

Short Name: HTTP:CTS:ORACLE-E-BS-SSRF
Severity: Minor
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Blind CVE-2018-3167 E-Business Forgery Oracle Request Server-side Suite
Release Date: 08/29/2023

Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3628
False Positive: Unknown

Vendors

Oracle
