Vulnerability in Oracle Support Tools Automatic Service Request Component
CVE-2017-3619

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Automatic Service Request (asr)
Vendor: CVE Published:; 24 April 2017

Summary

A vulnerability exists in the Automatic Service Request (ASR) component of Oracle Support Tools, specifically impacting the ASR Manager in versions prior to 5.7. This flaw allows low privileged attackers who have logged on to the infrastructure hosting ASR to potentially compromise the service. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, thereby posing significant risks to the integrity of all data accessible via ASR. Given its ease of exploitation, organizations utilizing affected versions should prioritize immediate remediation.

Affected Version(s)

Automatic Service Request (ASR) < 5.7

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97771

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016