Oracle E-Business Suite Vulnerability in Service Fulfillment Manager Component
CVE-2017-3284

8.2HIGH

Key Information:

Vendor

Oracle
Status
Service Fulfillment Manager
Vendor
CVE Published:
27 January 2017

What is CVE-2017-3284?

The vulnerability in the Oracle Service Fulfillment Manager allows an unauthenticated attacker to exploit the system with network access via HTTP. Although it primarily resides in the Service Fulfillment Manager, successful exploitation may allow unauthorized access to critical data and potentially grant the attacker the ability to update, insert, or delete data across the entire suite. Notably, the attack requires human interaction from a third party, increasing the complexity of exploitation. Protecting against this vulnerability is crucial to maintain data integrity and confidentiality.

Affected Version(s)

Service Fulfillment Manager 12.1.1

Service Fulfillment Manager 12.1.2

Service Fulfillment Manager 12.1.3

References

http://www.securitytracker.com/id/1037639
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/95613
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.