Unauthenticated Access Vulnerability in Oracle Advanced Outbound Telephony
CVE-2017-3393

7.1HIGH

Key Information:

Vendor
Oracle
Status
Advanced Outbound Telephony
Vendor
CVE Published:
24 April 2017

Summary

A significant vulnerability exists in the Oracle Advanced Outbound Telephony component of the Oracle E-Business Suite. This issue potentially allows an unauthenticated attacker, with HTTP network access, to exploit the system. Successful exploitation requires human interaction from a target user, enabling the attacker to gain unauthorized access to sensitive data. The vulnerability impacts multiple supported versions (12.2.3, 12.2.4, 12.2.5, and 12.2.6). Potential consequences include unauthorized updates, inserts, or deletions of data, leading to severe implications for data integrity and confidentiality.

Affected Version(s)

Advanced Outbound Telephony 12.2.3

Advanced Outbound Telephony 12.2.4

Advanced Outbound Telephony 12.2.5

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97761
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038299
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.