Remote Code Execution Vulnerability in Oracle Commerce Platform by Oracle
CVE-2017-3296

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Commerce Platform
Vendor: CVE Published:; 27 January 2017

What is CVE-2017-3296?

A vulnerability exists within the Oracle Commerce Platform, specifically in the Dynamo Application Framework, which enables an unauthenticated attacker with network access through HTTP to potentially gain unauthorized read access to certain data. This type of attack hinges on human interaction from a third party, making it important for users and administrators to be aware of the risks and take necessary precautions to mitigate threats. Affected versions include 10.0.3.5, 10.2.0.5, and 11.2.0.2.

Affected Version(s)

Commerce Platform 10.0.3.5

Commerce Platform 10.2.0.5

Commerce Platform 11.2.0.2

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 6, 2016