User Interface Vulnerability in Oracle E-Business Suite by Oracle
CVE-2017-3282

4.7MEDIUM

Key Information:

Vendor
Oracle
Status
Partner Management
Vendor
CVE Published:
27 January 2017

Summary

This vulnerability affects the Oracle Partner Management component within the Oracle E-Business Suite and allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploitation requires interaction from a user other than the attacker. While the primary target is Oracle Partner Management, successful exploitation can impact additional products, enabling unauthorized modifications to sensitive data. This poses a significant risk to data integrity and confidentiality.

Affected Version(s)

Partner Management 12.1.1

Partner Management 12.1.2

Partner Management 12.1.3

References

http://www.securityfocus.com/bid/95586
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037639
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.