Vulnerability in Oracle GlassFish Server of Oracle Fusion Middleware
CVE-2017-3239

3.3LOW

Key Information:

Vendor
Oracle
Vendor
CVE Published:
27 January 2017

Summary

A vulnerability exists in the Oracle GlassFish Server component of Oracle Fusion Middleware, specifically within the Administration subcomponent. This issue affects versions 3.0.1 and 3.1.2. The vulnerability can be easily exploited by a low privileged attacker who has logged on to the infrastructure where the server operates, potentially leading to unauthorized read access to sensitive data within the Oracle GlassFish Server. Organizations should take immediate action to assess their systems and apply the necessary patches to mitigate any risks associated with this vulnerability.

Affected Version(s)

GlassFish Server 3.0.1

GlassFish Server 3.1.2

References

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.