Vulnerability in Automatic Service Request component of Oracle Support Tools
CVE-2017-3237

7.8HIGH

Key Information:

Vendor: Oracle
Status: Automatic Service Request (asr)
Vendor: CVE Published:; 24 April 2017

Summary

A vulnerability exists in the Automatic Service Request (ASR) component of Oracle Support Tools, specifically in versions prior to 5.7. This issue allows attackers with low privileges, who have access to the infrastructure where ASR operates, to compromise the ASR functionality. Successful exploitation can lead to unauthorized takeover of ASR, potentially jeopardizing the security and integrity of the system. It is crucial for users of affected versions to apply the necessary updates to mitigate risks.

Affected Version(s)

Automatic Service Request (ASR) < 5.7

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97789

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016