Vulnerability in Oracle E-Business Suite – Advanced Outbound Telephony Component
CVE-2017-3375

8.2HIGH

Key Information:

Vendor: Oracle
Status: Advanced Outbound Telephony
Vendor: CVE Published:; 27 January 2017

What is CVE-2017-3375?

The Oracle Advanced Outbound Telephony component within Oracle E-Business Suite has a vulnerability that allows unauthenticated attackers with network access via HTTP to gain unauthorized access to critical data. Successful exploitation typically requires human interaction from a victim. Although the vulnerability exists in the Advanced Outbound Telephony component, it may have broader implications, impacting the integrity and confidentiality of data across additional Oracle products. Attackers could potentially manipulate accessible data, including unauthorized updates, inserts, or deletions, compromising the security of the entire system.

Affected Version(s)

Advanced Outbound Telephony 12.1.1

Advanced Outbound Telephony 12.1.2

Advanced Outbound Telephony 12.1.3

References

http://www.securityfocus.com/bid/95531

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 6, 2016