Improper access control in Oracle E-Business Suite - CVE-2017-3393
Published: April 6, 2018
Vulnerability identifier: #VU11602
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-3393
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle E-Business Suite
Oracle E-Business Suite
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists in the Oracle Advanced Outbound Telephony component due to improper access control. A remote attacker can trick the victim into visiting a specially crafted website, gain access to critical data or complete access to all accessible data and update, insert or delete some accessible data.
The weakness exists in the Oracle Advanced Outbound Telephony component due to improper access control. A remote attacker can trick the victim into visiting a specially crafted website, gain access to critical data or complete access to all accessible data and update, insert or delete some accessible data.
How to mitigate CVE-2017-3393
Install update from vendor's website.