Vulnerability in Oracle Tuxedo Component of Oracle Fusion Middleware
CVE-2017-10278

7HIGH

Key Information:

Vendor: Oracle
Status: Tuxedo
Vendor: CVE Published:; 14 November 2017

Summary

A vulnerability exists in the Oracle Tuxedo component of Oracle Fusion Middleware, allowing unauthenticated network attackers via Jolt protocol to compromise Oracle Tuxedo installations. Exploitation of this flaw could result in unauthorized access to sensitive data and allow attackers to perform unauthorized operations such as updates, inserts, or deletes on accessible data. Additionally, it could lead to partial denial of service impacts, affecting the overall functionality of affected systems.

Affected Version(s)

Tuxedo 11.1.1

Tuxedo 12.1.1

Tuxedo 12.1.3

References

http://www.securityfocus.com/bid/101870

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/alert...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2017
Vulnerability Reserved
Jun 21, 2017