Vulnerability in Oracle E-Business Suite's Telephony Component
CVE-2017-3382

8.2HIGH

Key Information:

Vendor: Oracle
Status: Advanced Outbound Telephony
Vendor: CVE Published:; 27 January 2017

What is CVE-2017-3382?

A vulnerability exists in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite, allowing unauthenticated attackers with network access via HTTP to exploit the system. Successful exploitation requires human interaction and can lead to unauthorized access to critical data, potentially affecting other integrated products. Attackers may gain complete access to Oracle Advanced Outbound Telephony data, including the ability to update, insert, or delete accessible information. This underscores the importance of securing the affected versions to prevent unauthorized activities and safeguard data integrity.

Affected Version(s)

Advanced Outbound Telephony 12.1.1

Advanced Outbound Telephony 12.1.2

Advanced Outbound Telephony 12.1.3

References

http://www.securityfocus.com/bid/95531

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 6, 2016