Unauthenticated Access in Oracle E-Business Suite Mobile Field Service
CVE-2017-10413

8.2HIGH

Key Information:

Vendor
Oracle
Status
Mobile Field Service
Vendor
CVE Published:
19 October 2017

Summary

An unauthenticated vulnerability exists in the Oracle Mobile Field Service component of Oracle E-Business Suite, specifically within the HTML5-based multiplatform. This vulnerability enables an attacker with network access via HTTP to exploit Oracle Mobile Field Service features. Successful exploitation relies on human interaction from a user other than the attacker, allowing unauthorized access to sensitive data. The impact can reveal critical data or allow complete access to information within Oracle Mobile Field Service. This could result in unauthorized operations, including the ability to update, insert, or delete accessible data. Organizations using affected versions (12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7) should take immediate action to secure their systems.

Affected Version(s)

Mobile Field Service 12.1.1

Mobile Field Service 12.1.2

Mobile Field Service 12.1.3

References

http://www.securityfocus.com/bid/101353
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039592
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.