Oracle E-Business Suite Vulnerability in Interaction Center Intelligence
CVE-2017-10303

8.2HIGH

Key Information:

Vendor
Oracle
Status
Interaction Center Intelligence
Vendor
CVE Published:
19 October 2017

Summary

A significant vulnerability exists within the Oracle Interaction Center Intelligence component of Oracle E-Business Suite. This security flaw allows unauthenticated attackers with network access via HTTP to exploit the system, potentially leading to unauthorized access to critical data. While the vulnerability primarily concerns the Oracle Interaction Center Intelligence, successful exploitation can affect other connected products. Attackers may leverage this flaw, requiring human interaction from an unsuspecting user, to gain full access to sensitive information and manipulate the data stored within the system, including unauthorized updates, inserts, or deletions.

Affected Version(s)

Interaction Center Intelligence 12.1.1

Interaction Center Intelligence 12.1.2

Interaction Center Intelligence 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101327
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039592
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.