Unauthorized Access Vulnerability in Oracle E-Business Suite by Oracle
CVE-2017-3359

8.2HIGH

Key Information:

Vendor
Oracle
Status
Customer Intelligence
Vendor
CVE Published:
27 January 2017

Summary

A vulnerability exists in the Oracle Customer Intelligence component of Oracle E-Business Suite, impacting versions 12.1.1, 12.1.2, and 12.1.3. This flaw allows unauthenticated attackers with network access via HTTP to exploit the Oracle Customer Intelligence component. Although successful exploitation requires human interaction from a victim, the effects can extend beyond the Customer Intelligence module, resulting in unauthorized access to sensitive data. Attackers may gain complete access to all data accessible through Oracle Customer Intelligence and may also gain the ability to make unauthorized updates, inserts, or deletions of accessible data.

Affected Version(s)

Customer Intelligence 12.1.1

Customer Intelligence 12.1.2

Customer Intelligence 12.1.3

References

http://www.securityfocus.com/bid/95464
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037639
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.