Vulnerability in Oracle E-Business Suite Affecting Web Analytics Component
CVE-2017-10191

8.2HIGH

Key Information:

Vendor
Oracle
Status
Web Analytics
Vendor
CVE Published:
8 August 2017

Summary

This vulnerability exists within the Oracle Web Analytics component of the Oracle E-Business Suite, allowing an unauthenticated attacker with network access via HTTP to exploit the system. Although the vulnerability is located in the Web Analytics, successful exploitation may require interaction from users not involved with the attack. This poses a substantial risk, as it could result in unauthorized access to sensitive data, enabling attackers to view, modify, or delete critical information stored in the affected component. The threat extends beyond the Web Analytics, potentially having harmful effects on other products integrated within the Oracle environment.

Affected Version(s)

Web Analytics 12.1.1

Web Analytics 12.1.2

Web Analytics 12.1.3

References

http://www.securityfocus.com/bid/99658
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038926
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.