Vulnerability in Oracle Agile PLM Component of Oracle Supply Chain Suite
CVE-2017-10092

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Agile Plm Framework
Vendor
CVE Published:
8 August 2017

Summary

This vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite allows unauthenticated attackers with network access via HTTP to potentially exploit the system. Although exploitation requires human interaction from an individual other than the attacker, the consequences can be significant. Attackers may gain unauthorized access to update, insert, or delete crucial data within Oracle Agile PLM, as well as unauthorized read access to certain subsets of accessible data. The potential for unauthorized data manipulation and exposure can lead to severe implications for organizations relying on Oracle Agile PLM for their supply chain management.

Affected Version(s)

Agile PLM Framework 9.3.5

Agile PLM Framework 9.3.6

References

http://www.securitytracker.com/id/1038947
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99677
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.