Vulnerability in Oracle E-Business Suite's Customer Interaction History Admin Console
CVE-2017-3550

7.1HIGH

Key Information:

Vendor
Oracle
Status
Customer Interaction History
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability exists in the Oracle Customer Interaction History component of Oracle E-Business Suite, specifically within the Admin Console, that can be exploited by an unauthenticated attacker with basic network access. This vulnerability allows attackers to potentially gain unauthorized access to sensitive data and perform critical operations such as data updates, inserts, or deletions. Successful exploitation of this vulnerability relies on social engineering, requiring interaction from a user other than the attacker, opening up a pathway for targeted attacks that could impact various Oracle applications and services. Organizations using affected versions of the software should take precautionary measures to secure their deployments.

Affected Version(s)

Customer Interaction History 12.1.1

Customer Interaction History 12.1.2

Customer Interaction History 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97764
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038299
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.