Vulnerability in User Management of Oracle E-Business Suite
CVE-2017-3515

5.4MEDIUM

Key Information:

Vendor
Oracle
Status
User Management
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability exists in the User Management component of Oracle E-Business Suite, affecting several versions. An unauthenticated attacker with network access via HTTP can exploit this weakness. Successful exploitation requires interaction from a human, other than the attacker, and can lead to unauthorized modifications of data accessible through Oracle User Management. This vulnerability may significantly impact other related systems as well.

Affected Version(s)

User Management 12.1.3

User Management 12.2.3

User Management 12.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97783
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038299
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.