Vulnerability in Oracle Fusion Middleware MapViewer Component
CVE-2017-3230

8.6HIGH

Key Information:

Vendor
Oracle
Status
Fusion Middleware Mapviewer
Vendor
CVE Published:
24 April 2017

Summary

A security vulnerability exists in the Oracle Fusion Middleware MapViewer component, specifically within the Map Builder subcomponent. This issue allows an unauthenticated attacker to gain network access via HTTP, leading to the unauthorized creation, deletion, or modification of data accessible within the Oracle Fusion Middleware MapViewer. Additionally, successful exploitation may result in unauthorized read access to certain data and can initiate a partial denial of service. This vulnerability affects supported versions 11.1.1.9, 12.2.1.1, and 12.2.1.2, highlighting the need for immediate patching to protect critical data.

Affected Version(s)

Fusion Middleware MapViewer 11.1.1.9

Fusion Middleware MapViewer 12.2.1.1

Fusion Middleware MapViewer 12.2.1.2

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97746
vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.