Oracle E-Business Suite Vulnerability in Knowledge Management Component
CVE-2017-10411

8.2HIGH

Key Information:

Vendor
Oracle
Status
Knowledge Management
Vendor
CVE Published:
19 October 2017

Summary

An unauthenticated access vulnerability exists in the Knowledge Management component of Oracle's E-Business Suite, allowing attackers to exploit network access via HTTP. The vulnerability is associated with human interaction requirements, meaning while an attacker cannot execute the attack alone, they can significantly impact the security of Oracle Knowledge Management. Successful exploitation could lead to unauthorized access to sensitive data and potentially allow attackers to execute unauthorized updates, inserts, or deletions of accessible data within the Knowledge Management system. This vulnerability highlights the importance of maintaining robust security practices to safeguard against network-accessible threats to critical business systems.

Affected Version(s)

Knowledge Management 12.1.1

Knowledge Management 12.1.2

Knowledge Management 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101345
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039592
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.