Vulnerability in Oracle E-Business Suite's Applications Calendar Component
CVE-2017-10325

8.2HIGH

Key Information:

Vendor

Oracle
Status
Common Applications Calendar
Vendor
CVE Published:
19 October 2017

What is CVE-2017-10325?

The Oracle Common Applications Calendar component of Oracle E-Business Suite is prone to a vulnerability that can be exploited by unauthenticated attackers with HTTP network access. Although this vulnerability targets the Applications Calendar, its exploitation may lead to unauthorized access to sensitive data across various related components. Successful attacks require human interaction from a third party, potentially enabling an attacker to manipulate or access critical data, leading to unauthorized updates, inserts, or deletions within the system.

Affected Version(s)

Common Applications Calendar 12.1.1

Common Applications Calendar 12.1.2

Common Applications Calendar 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101311
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039592
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-10325 : Vulnerability in Oracle E-Business Suite's Applications Calendar Component