Vulnerability Details : CVE-2017-3451
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 16.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Products affected by CVE-2017-3451
- cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3451
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3451
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
6.8
|
4.9
|
NIST | |
5.4
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
2.3
|
2.7
|
NIST |
References for CVE-2017-3451
-
http://www.securityfocus.com/bid/97741
Oracle Retail Open Commerce Platform CVE-2017-3451 Remote Security VulnerabilityThird Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Oracle Critical Patch Update - April 2017Patch;Vendor Advisory
Jump to