Improper access control in Oracle E-Business Suite - CVE-2017-3550
Published: April 6, 2018
Vulnerability identifier: #VU11600
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-3550
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle E-Business Suite
Oracle E-Business Suite
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists in the Oracle Customer Interaction History component due to improper access control. A remote attacker can trick the victim into visiting a specially crafted website, gain access to critical data or complete access to all accessible data and update, insert or delete some accessible data.
The weakness exists in the Oracle Customer Interaction History component due to improper access control. A remote attacker can trick the victim into visiting a specially crafted website, gain access to critical data or complete access to all accessible data and update, insert or delete some accessible data.
How to mitigate CVE-2017-3550
Install update from vendor's website.