Vulnerability in Oracle E-Business Suite Wireless Component
CVE-2017-10184

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Field Service
Vendor: CVE Published:; 8 August 2017

Summary

A vulnerability exists in the Oracle Field Service component of Oracle E-Business Suite, affecting multiple versions. An unauthenticated attacker with network access via HTTP can exploit this vulnerability to gain unauthorized read access to sensitive information. The vulnerability arises from insufficient access controls, allowing attackers to view data that should otherwise be restricted.

Affected Version(s)

Field Service 12.1.1

Field Service 12.1.2

Field Service 12.1.3

References

http://www.securityfocus.com/bid/99708

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1038926

vdb-entryx_refsource_SECTRACK

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2017
Vulnerability Reserved
Jun 21, 2017

.

🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.