Vulnerability in Oracle E-Business Suite Product Affects User Interface
CVE-2017-3373

8.2HIGH

Key Information:

Vendor

Oracle
Status
Advanced Outbound Telephony
Vendor
CVE Published:
27 January 2017

What is CVE-2017-3373?

This vulnerability exists within the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite, specifically impacting its User Interface. An attacker with network access via HTTP can exploit this vulnerability without needing authentication. Although human interaction from a third party is required to successfully execute an attack, the consequences can be severe. Successful exploitation may lead to unauthorized access to sensitive data, as well as the ability to modify, insert, or delete data within the Oracle Advanced Outbound Telephony component. It poses significant risks not only to the Oracle E-Business Suite but could also extend its impact to additional connected systems.

Affected Version(s)

Advanced Outbound Telephony 12.1.1

Advanced Outbound Telephony 12.1.2

Advanced Outbound Telephony 12.1.3

References

http://www.securityfocus.com/bid/95485
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037639
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.