Oracle E-Business Suite Vulnerability in Outbound Telephony Component
CVE-2017-3389

8.2HIGH

Key Information:

Vendor

Oracle
Status
Advanced Outbound Telephony
Vendor
CVE Published:
27 January 2017

What is CVE-2017-3389?

An access control vulnerability exists in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite, potentially allowing an unauthenticated attacker with HTTP network access to compromise the system. Successful exploitation requires human interaction from a third party, which may lead to unauthorized access to sensitive information or manipulation of data within the component. This vulnerability particularly affects versions 12.1.1 through 12.2.6 of the Oracle E-Business Suite, exposing critical data and potentially allowing for unauthorized updates, inserts, or deletions of accessible data.

Affected Version(s)

Advanced Outbound Telephony 12.1.1

Advanced Outbound Telephony 12.1.2

Advanced Outbound Telephony 12.1.3

References

http://www.securityfocus.com/bid/95531
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-3389 : Oracle E-Business Suite Vulnerability in Outbound Telephony Component