Unauthorized Access Risk in Oracle E-Business Suite iSupport Component
CVE-2017-10415

8.2HIGH

Key Information:

Vendor
Oracle
Status
Isupport
Vendor
CVE Published:
19 October 2017

Summary

A vulnerability exists in the iSupport component of Oracle E-Business Suite that allows unauthenticated attackers with network access to exploit the system. This flaw can facilitate unauthorized access to critical data, enabling the attacker to modify or tamper with information. While the exploitation requires human interaction, the consequences may extend beyond the iSupport component, potentially affecting other integrated systems. Organizations using affected versions should ensure they implement necessary protections to safeguard sensitive information against possible unauthorized access.

Affected Version(s)

iSupport 12.1.1

iSupport 12.1.2

iSupport 12.1.3

References

http://www.securityfocus.com/bid/101336
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039592
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.