Vulnerability in Oracle GlassFish Server of Oracle Fusion Middleware
CVE-2017-3239

3.3LOW

Key Information:

Vendor: Oracle
Status: Glassfish Server
Vendor: CVE Published:; 27 January 2017

Summary

A vulnerability exists in the Oracle GlassFish Server component of Oracle Fusion Middleware, specifically within the Administration subcomponent. This issue affects versions 3.0.1 and 3.1.2. The vulnerability can be easily exploited by a low privileged attacker who has logged on to the infrastructure where the server operates, potentially leading to unauthorized read access to sensitive data within the Oracle GlassFish Server. Organizations should take immediate action to assess their systems and apply the necessary patches to mitigate any risks associated with this vulnerability.

Affected Version(s)

GlassFish Server 3.0.1

GlassFish Server 3.1.2

References

http://www.securityfocus.com/bid/95493

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 6, 2016