Remote Code Execution Vulnerability in Oracle E-Business Suite by Oracle
CVE-2017-10174

8.2HIGH

Key Information:

Vendor
Oracle
Status
Isupport
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability in the Oracle iSupport component of Oracle E-Business Suite allows an unauthenticated attacker, with network access via HTTP, to exploit the system. Successful exploitation is contingent upon human interaction from an individual other than the attacker. The compromised Oracle iSupport not only allows unauthorized access to sensitive data but also enables attackers to perform operations like updates, inserts, or deletions on accessible data within Oracle iSupport. Although primarily affecting Oracle iSupport, the implications could extend to other products relying on the same architecture.

Affected Version(s)

iSupport 12.1.1

iSupport 12.1.2

iSupport 12.1.3

References

http://www.securityfocus.com/bid/99664
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038926
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.