Unauthenticated Access Vulnerability in Oracle Communications Policy Management
CVE-2017-10159

6.1MEDIUM

Key Information:

Vendor

Oracle
Status
Communications Policy Management
Vendor
CVE Published:
19 October 2017

What is CVE-2017-10159?

A vulnerability exists in Oracle Communications Policy Management that allows an unauthenticated attacker to gain unauthorized access to sensitive data. By exploiting this weakness, an attacker with network access via HTTP can compromise the system. Such attacks necessitate human interaction, allowing the attacker to execute unauthorized updates, inserts, or deletions of accessible data. In addition to affecting the Policy Management component, this vulnerability can also have far-reaching consequences on other connected Oracle products. This vulnerability emphasizes the importance of securing access controls and ensuring that user interactions are closely monitored.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Communications Policy Management 11.5

Communications Policy Management 12.x

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039590
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101425
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.