Unauthorized Data Access in Oracle Agile PLM by Oracle
CVE-2017-10088

3.4 LOW

Key Information:

Vendor: Oracle
CVE Published: 8 August 2017

Summary

A vulnerability exists in the Oracle Agile PLM component of Oracle's Supply Chain Products Suite, affecting versions 9.3.5 and 9.3.6. The flaw can be easily exploited by high-privileged attackers already logged on to the network where Oracle Agile PLM operates. With successful exploitation, an attacker can gain unauthorized access to various data manipulation commands, such as updating, inserting, or deleting records within Oracle Agile PLM. The vulnerability also allows unauthorized read access to some of the application's accessible data, posing significant risks to data integrity and confidentiality.

Affected Version(s)

Agile PLM Framework 9.3.5

Agile PLM Framework 9.3.6

References

CVSS V3.1

Score: 3.4
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
