Unauthorized Access Vulnerability in Oracle Supply Chain Products Suite
CVE-2017-10161

4.8MEDIUM

Key Information:

Vendor: Oracle
Status: Agile Engineering Data Management
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Engineering Data Management component of the Oracle Supply Chain Products Suite. This security flaw allows an unauthenticated attacker with network access via HTTP to exploit the system. Affected versions include 6.1.3.0 and 6.2.2.0. Successful exploitation could lead to unauthorized modifications, enabling the attacker to update, insert, or delete data, as well as gain unauthorized read access to sensitive information stored within Oracle Engineering Data Management.

Affected Version(s)

Agile Engineering Data Management 6.1.3.0

Agile Engineering Data Management 6.2.2.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101395

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017