Vulnerability in Oracle Support Tools Affecting Automatic Service Request
CVE-2017-3232

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Automatic Service Request (asr)
Vendor: CVE Published:; 24 April 2017

Summary

A vulnerability exists within the Automatic Service Request (ASR) component of Oracle Support Tools prior to version 5.7. This flaw permits low-privileged users who have logged on to the infrastructure where ASR is hosted to exploit this weakness, granting them unauthorized access to sensitive data. Successful exploitation can lead to the compromise of all accessible ASR data, highlighting the need for prompt updates and robust security measures to safeguard vital information.

Affected Version(s)

Automatic Service Request (ASR) < 5.7

References

http://www.securityfocus.com/bid/97806

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016