Oracle E-Business Suite Vulnerability in Knowledge Management Component
CVE-2017-3363

8.2 HIGH

Key Information:

Vendor
Oracle
CVE Published:
27 January 2017

Summary

A vulnerability exists in the Oracle Knowledge Management component of Oracle E-Business Suite, primarily impacting versions 12.1.1, 12.1.2, and 12.1.3. The flaw is easily exploitable by an unauthenticated attacker with network access via HTTP. Successful exploitation requires human interaction from a person other than the attacker and can result in unauthorized access to sensitive data. Attackers may also gain the ability to update, insert, or delete data accessible in Oracle Knowledge Management. This vulnerability poses significant risks to organizations relying on Oracle Knowledge Management, as it may lead to severe data breaches and operational disruptions.

Affected Version(s)

Knowledge Management 12.1.1

Knowledge Management 12.1.2

Knowledge Management 12.1.3

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
