Vulnerability in Oracle Agile PLM Affects Oracle Supply Chain Products Suite
CVE-2017-10082

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Agile Plm Framework
Vendor
CVE Published:
8 August 2017

Summary

The vulnerability in the Oracle Agile PLM component of the Oracle Supply Chain Products Suite allows unauthenticated attackers with network access to exploit the system via HTTP. This flaw necessitates human interaction from a third party for successful attacks, which can lead to an unauthorized update, insert, or deletion of accessible data. Additionally, attackers may gain unauthorized read access to specific data within Oracle Agile PLM. The security implications of this vulnerability could extend beyond the Agile PLM, potentially affecting connected applications, thus posing significant risks to data integrity and confidentiality.

Affected Version(s)

Agile PLM Framework 9.3.5

Agile PLM Framework 9.3.6

References

http://www.securitytracker.com/id/1038947
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99673
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.