User Interface Vulnerability in Oracle E-Business Suite by Oracle
CVE-2017-3367

8.2HIGH

Key Information:

Vendor: Oracle
Status: Knowledge Management
Vendor: CVE Published:; 27 January 2017

Summary

The vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite presents an opportunity for unauthenticated attackers to compromise the User Interface. If exploited, unauthorized access to critical data and potentially harmful modifications, including updates and deletions, can occur, impacting the overall security of the application. Attackers require human interaction from victims to successfully realize the exploit, enhancing the risk for organizations utilizing the affected versions of the suite.

Affected Version(s)

Knowledge Management 12.1.1

Knowledge Management 12.1.2

Knowledge Management 12.1.3

References

http://www.securityfocus.com/bid/95523

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 6, 2016