Vulnerability Details : CVE-2014-2492
Unspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Web client (PC).
Exploit prediction scoring system (EPSS) score for CVE-2014-2492
Probability of exploitation activity in the next 30 days: 0.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-2492
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2014-2492
-
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
VMSA-2014-0012.1
-
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Oracle Critical Patch Update - July 2014Vendor Advisory
-
http://www.securitytracker.com/id/1030582
Oracle Supply Chain Products Suite Bugs Let Remote Users Partially Access and Modify Data - SecurityTracker
-
http://seclists.org/fulldisclosure/2014/Dec/23
Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
-
http://www.securityfocus.com/archive/1/534161/100/0/threaded
SecurityFocus
Products affected by CVE-2014-2492
- cpe:2.3:a:oracle:supply_chain_products_suite:9.3.3:*:*:*:*:*:*:*