Vulnerability in Oracle GlassFish Server Component of Oracle Fusion Middleware
CVE-2017-3247

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Glassfish Server
Vendor: CVE Published:; 27 January 2017

What is CVE-2017-3247?

An improper authentication vulnerability exists in the Oracle GlassFish Server component of Oracle Fusion Middleware. This flaw allows unauthenticated attackers with network access via SMTP to compromise the server. Although an interaction from a different person is required for successful exploitation, attackers could gain unauthorized access to modify, insert, or delete data on the server. This could potentially lead to significant integrity issues within Oracle GlassFish Server's accessible data.

Affected Version(s)

GlassFish Server 2.1.1

GlassFish Server 3.0.1

GlassFish Server 3.1.2

References

http://www.securityfocus.com/bid/95483

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 6, 2016