Unauthenticated Network Vulnerability in Oracle Tuxedo Component
CVE-2017-10267

7.5HIGH

Key Information:

Vendor: Oracle
Status: Tuxedo
Vendor: CVE Published:; 14 November 2017

Summary

This vulnerability exists in the Oracle Tuxedo component of Oracle Fusion Middleware, affecting several supported versions. It enables an unauthenticated attacker with network access via Jolt to exploit the system, potentially leading to unauthorized access to sensitive information. Successful exploitation can culminate in full access to all data available through Oracle Tuxedo, posing significant risks to confidentiality and data integrity.

Affected Version(s)

Tuxedo 11.1.1

Tuxedo 12.1.1

Tuxedo 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/alert...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101875

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2017
Vulnerability Reserved
Jun 21, 2017