Vulnerability in Oracle E-Business Suite File Management Component
CVE-2017-3556

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Application Object Library
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability exists in the File Management component of Oracle's Application Object Library within the E-Business Suite. This flaw permits unauthenticated attackers with network access via HTTP to potentially gain unauthorized read access to restricted data within the Oracle Application Object Library. The issue specifically affects multiple versions of the E-Business Suite, making it essential for organizations utilizing this software to take precautionary measures and apply necessary patches to mitigate risks associated with potential data exposure.

Affected Version(s)

Application Object Library 12.1.3

Application Object Library 12.2.3

Application Object Library 12.2.4

References

http://www.securityfocus.com/bid/97785
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
https://erpscan.io/advisories/erpscan-17-025-auth-bypass-...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.