Unauthenticated Remote Code Execution Vulnerability in Oracle E-Business Suite - Oracle
CVE-2017-3441

8.2HIGH

Key Information:

Vendor: Oracle
Status: Customer Interaction History
Vendor: CVE Published:; 27 January 2017

What is CVE-2017-3441?

The vulnerability in Oracle Customer Interaction History component of Oracle E-Business Suite permits an unauthenticated attacker with network access to exploit the system. This could lead to unauthorized access to sensitive data, including the ability to update, insert, or delete entries within user interfaces. Successful exploitation requires human interaction, posing risks not only to Oracle Customer Interaction History but also to potentially integrated systems.

Affected Version(s)

Customer Interaction History 12.1.1

Customer Interaction History 12.1.2

Customer Interaction History 12.1.3

References

http://www.securityfocus.com/bid/95573

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 6, 2016