Vulnerability in Oracle Identity Manager Connector of Oracle Fusion Middleware
CVE-2017-10270

8.2HIGH

Key Information:

Vendor
Oracle
Status
Identity Manager Connector
Vendor
CVE Published:
19 October 2017

Summary

The Oracle Identity Manager Connector within Oracle Fusion Middleware has a vulnerability that can be exploited by an unauthenticated attacker who has logon access to the infrastructure where the connector operates. Successfully executing an attack requires interaction from a user other than the attacker, leading to potential unauthorized creation, deletion, or modification of critical data. The exploit could cause system instability, leading to denial of service conditions for the Oracle Identity Manager Connector. The consequence of this vulnerability could affect not only the connector but also other interconnected systems, undermining the overall data integrity and availability.

Affected Version(s)

Identity Manager Connector 9.1.1.5.0

References

http://www.securityfocus.com/bid/101313
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039602
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.