Vulnerability in Oracle E-Business Suite's Advanced Outbound Telephony Component
CVE-2017-10417

8.2HIGH

Key Information:

Vendor
Oracle
Status
Advanced Outbound Telephony
Vendor
CVE Published:
19 October 2017

Summary

The vulnerability in the Advanced Outbound Telephony component of Oracle E-Business Suite allows an unauthenticated attacker with HTTP network access to exploit critical aspects of the system. Successful exploitation hinges on human interaction from an unsuspecting party, which may result in unauthorized access and manipulation of sensitive data within Oracle Advanced Outbound Telephony. This could extend to unauthorized modifications and data coercion across dependent systems, posing a significant risk to organizations using the affected Oracle E-Business Suite versions.

Affected Version(s)

Advanced Outbound Telephony 12.2.3

Advanced Outbound Telephony 12.2.4

Advanced Outbound Telephony 12.2.5

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101308
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039592
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.