Application Testing Suite Vulnerability in Oracle Enterprise Manager Grid Control
CVE-2017-3311

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Application Testing Suite
Vendor
CVE Published:
27 January 2017

Summary

A vulnerability has been identified in the Application Testing Suite component of Oracle Enterprise Manager Grid Control, specifically within the Test Manager for Web Apps. This flaw could allow an unauthenticated attacker with network access via HTTP to execute exploits that compromise the Application Testing Suite. The implications of these attacks can lead to unauthorized updates, insertions, or deletions of various accessible data within the suite. Supported affected versions include 12.5.0.3, 12.5.0.2, and 12.4.0.2, highlighting the importance of applying appropriate security measures.

Affected Version(s)

Application Testing Suite 12.5.0.3

Application Testing Suite 12.5.0.2

Application Testing Suite 12.4.0.2

References

http://www.securityfocus.com/bid/95584
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037633
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.