Main Vulnerability Database Vulnerabilities #VU11599

#VU11599 Improper access control in Oracle E-Business Suite - CVE-2017-3549

Published: April 6, 2018 / Updated: September 14, 2018

Vulnerability identifier: #VU11599

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-3549

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Oracle E-Business Suite

Software vendor:
Oracle

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information or write arbitrary files on the target system.

The weakness exists in the Oracle Scripting component due to improper access control. A remote attacker can gain access to critical data or complete access to all accessible data and create, delete or modify critical data or all accessible data.

Remediation

Install update from vendor's website.

External links

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

#VU11599 Improper access control in Oracle E-Business Suite - CVE-2017-3549

Description

Remediation

External links

Please verify you're human