Security Flaw in Oracle Service Bus from Oracle Fusion Middleware
CVE-2017-3507

7.3HIGH

Key Information:

Vendor
Oracle
Status
Service Bus
Vendor
CVE Published:
24 April 2017

Summary

A security vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware exposes supported versions to potential exploitation. Unauthenticated attackers with network access via HTTP can manipulate data, including unauthorized updates, inserts, or deletions. Additionally, attackers may gain unauthorized read access to certain data sets and could trigger a partial denial of service (DoS), affecting the overall integrity of the Oracle Service Bus environment.

Affected Version(s)

Service Bus 12.1.3.0.0

Service Bus 12.2.1.0.0

Service Bus 12.2.1.1.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97888
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.