Vulnerability in Oracle GlassFish Server Component of Oracle Fusion Middleware
CVE-2017-3247
4.3MEDIUM
Summary
An improper authentication vulnerability exists in the Oracle GlassFish Server component of Oracle Fusion Middleware. This flaw allows unauthenticated attackers with network access via SMTP to compromise the server. Although an interaction from a different person is required for successful exploitation, attackers could gain unauthorized access to modify, insert, or delete data on the server. This could potentially lead to significant integrity issues within Oracle GlassFish Server's accessible data.
Affected Version(s)
GlassFish Server 2.1.1
GlassFish Server 3.0.1
GlassFish Server 3.1.2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved