Vulnerability in Oracle GlassFish Server Component of Oracle Fusion Middleware
CVE-2017-3247

4.3MEDIUM

Key Information:

Vendor
Oracle
Vendor
CVE Published:
27 January 2017

Summary

An improper authentication vulnerability exists in the Oracle GlassFish Server component of Oracle Fusion Middleware. This flaw allows unauthenticated attackers with network access via SMTP to compromise the server. Although an interaction from a different person is required for successful exploitation, attackers could gain unauthorized access to modify, insert, or delete data on the server. This could potentially lead to significant integrity issues within Oracle GlassFish Server's accessible data.

Affected Version(s)

GlassFish Server 2.1.1

GlassFish Server 3.0.1

GlassFish Server 3.1.2

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.