Unauthenticated Access Vulnerability in Oracle E-Business Suite Knowledge Management
CVE-2017-3362

8.2HIGH

Key Information:

Vendor

Oracle
Status
Knowledge Management
Vendor
CVE Published:
27 January 2017

What is CVE-2017-3362?

This vulnerability resides in the Oracle Knowledge Management component of the Oracle E-Business Suite. It allows unauthenticated attackers with network access via HTTP to exploit the system. The vulnerability requires human interaction from a person other than the attacker, making it particularly insidious. While the primary vulnerability is within the Knowledge Management system, successful exploitation can lead to unauthorized access to critical data across multiple Oracle products. Attackers may gain the ability to update, insert, or delete accessible data, posing significant risks to data confidentiality and integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Knowledge Management 12.1.1

Knowledge Management 12.1.2

Knowledge Management 12.1.3

References

http://www.securitytracker.com/id/1037639
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/95467
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.