Vulnerability in Oracle E-Business Suite's Application Object Library Component
CVE-2017-10246

8.2HIGH

Key Information:

Vendor: Oracle
Status: Application Object Library
Vendor: CVE Published:; 8 August 2017

Summary

An unauthenticated attacker with network access via HTTP can exploit a vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite. This issue potentially allows attackers to gain unauthorized access to critical data and perform unauthorized operations, including updates, inserts, or deletions, affecting the integrity of the Oracle Application Object Library data.

Affected Version(s)

Application Object Library 12.1.3

Application Object Library 12.2.3

Application Object Library 12.2.4

References

http://www.securityfocus.com/bid/99625

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/42340/

exploitx_refsource_EXPLOIT-DB

http://www.securitytracker.com/id/1038926

vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2017
Vulnerability Reserved
Jun 21, 2017

.

🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.