Vulnerability in Oracle E-Business Suite Wireless Component
CVE-2017-10184

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Field Service
Vendor: CVE Published:; 8 August 2017

🔔 Create Oracle Vulnerability Alert

What is CVE-2017-10184?

A vulnerability exists in the Oracle Field Service component of Oracle E-Business Suite, affecting multiple versions. An unauthenticated attacker with network access via HTTP can exploit this vulnerability to gain unauthorized read access to sensitive information. The vulnerability arises from insufficient access controls, allowing attackers to view data that should otherwise be restricted.

Affected Version(s)

Field Service 12.1.1

Field Service 12.1.2

Field Service 12.1.3

References

http://www.securityfocus.com/bid/99708

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1038926

vdb-entryx_refsource_SECTRACK

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2017
Vulnerability Reserved
Jun 21, 2017

.

CVE-2017-10184 : Vulnerability in Oracle E-Business Suite Wireless Component