Oracle E-Business Suite Vulnerability in Advanced Outbound Telephony Component
CVE-2017-10416

8.2HIGH

Key Information:

Vendor
Oracle
Status
Advanced Outbound Telephony
Vendor
CVE Published:
19 October 2017

Summary

A vulnerability exists in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite that can be exploited by unauthenticated attackers with network access via HTTP. This vulnerability is particularly concerning as it requires human interaction from an individual other than the attacker to be successful. While the flaw is contained within the Advanced Outbound Telephony component, successful exploitation can expose sensitive data and facilitate unauthorized modifications to data within the Oracle E-Business Suite. Attackers could gain critical access, potentially leading to significant data loss and integrity concerns.

Affected Version(s)

Advanced Outbound Telephony 12.2.3

Advanced Outbound Telephony 12.2.4

Advanced Outbound Telephony 12.2.5

References

http://www.securityfocus.com/bid/101303
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039592
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.