Oracle Automatic Service Request Vulnerability in Oracle Support Tools
CVE-2017-3618

7.1HIGH

Key Information:

Vendor: Oracle
Status: Automatic Service Request (asr)
Vendor: CVE Published:; 24 April 2017

Summary

A security vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools allows a low privileged attacker with access to the infrastructure where ASR executes to compromise its operations. This can lead to unauthorized creation, deletion, or modification of critical data within ASR. Attackers may exploit this flaw to gain unauthorized access to sensitive information or manipulate all data accessible through the ASR system, highlighting significant risks to the integrity and confidentiality of organizational data.

Affected Version(s)

Automatic Service Request (ASR) < 5.7

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97819

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016