Vulnerability in Oracle iLearning Affects Learner Pages
CVE-2017-10199

8.2HIGH

Key Information:

Vendor
Oracle
Status
Ilearning
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists within the Oracle iLearning component, specifically impacting the Learner Pages subcomponent. This issue allows unauthenticated network attackers to exploit the system via HTTP. Although successful exploitation necessitates human interaction from a separate user, the implications of this vulnerability can extend beyond Oracle iLearning itself. Attackers can gain unauthorized access to critical data, potentially leading to complete control over all information accessible through Oracle iLearning. Furthermore, they may have the ability to illegitimately update, insert, or delete sensitive data.

Affected Version(s)

iLearning 6.2

References

http://www.securityfocus.com/bid/99637
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038949
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.