Unauthorized Access Vulnerability in Oracle E-Business Suite iSupport Component
CVE-2017-3369

8.2HIGH

Key Information:

Vendor
Oracle
Status
Isupport
Vendor
CVE Published:
27 January 2017

Summary

A vulnerability exists in the iSupport component of Oracle E-Business Suite that allows unauthenticated attackers with network access via HTTP to compromise the system. This often requires human interaction from a user other than the attacker. Although the vulnerability is identified in Oracle iSupport, it can greatly affect other associated products. Successful exploitation can lead to unauthorized access to critical data, allowing attackers to read, insert, update, or delete sensitive information from the systems accessible via Oracle iSupport.

Affected Version(s)

iSupport 12.1.1

iSupport 12.1.2

iSupport 12.1.3

References

http://www.securityfocus.com/bid/95468
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037639
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.