CVE-2017-10244 : Vulnerability in the Oracle Application Object Library component of Oracle E-Bus

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published 2017-08-08 15:29:07

Updated 2019-10-03 00:03:26

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2017-10244

Oracle » Application Object Library » Version: 12.2.4
cpe:2.3:a:oracle:application_object_library:12.2.4:*:*:*:*:*:*:*
Matching versions
Oracle » Application Object Library » Version: 12.2.3
cpe:2.3:a:oracle:application_object_library:12.2.3:*:*:*:*:*:*:*
Matching versions
Oracle » Application Object Library » Version: 12.2.5
cpe:2.3:a:oracle:application_object_library:12.2.5:*:*:*:*:*:*:*
Matching versions
Oracle » Application Object Library » Version: 12.1.3
cpe:2.3:a:oracle:application_object_library:12.1.3:*:*:*:*:*:*:*
Matching versions
Oracle » Application Object Library » Version: 12.2.6
cpe:2.3:a:oracle:application_object_library:12.2.6:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-10244

EPSS FAQ

0.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-10244

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2017-10244

http://www.securityfocus.com/bid/99702

Oracle E-Business Suite CVE-2017-10244 Remote Security Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038926

Oracle E-Business Suite Multiple Flaws Let Remote Users Access and Modify Data and Cause Denial of Service Conditions on the Target System - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Oracle Critical Patch Update - July 2017
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-10244

Products affected by CVE-2017-10244

Exploit prediction scoring system (EPSS) score for CVE-2017-10244

CVSS scores for CVE-2017-10244

References for CVE-2017-10244