Unauthenticated Access Vulnerability in Oracle E-Business Suite Knowledge Management
CVE-2017-3362

8.2 HIGH

Key Information:

Vendor: Oracle
CVE Published: 27 January 2017

Summary

This vulnerability resides in the Oracle Knowledge Management component of the Oracle E-Business Suite. An unauthenticated attacker with network access via HTTP can exploit it. Successful exploitation requires human interaction from a person other than the attacker, which makes it particularly insidious. Although the vulnerability is in the Knowledge Management system, successful exploitation can lead to unauthorized access to critical data across multiple Oracle products. Attackers may gain the ability to update, insert, or delete accessible data, posing significant risks to data confidentiality and integrity.

Affected Version(s)

Knowledge Management 12.1.1

Knowledge Management 12.1.2

Knowledge Management 12.1.3

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
