CVE-2017-10048

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Repository versions 11.1.1.7.0 and 12.1.3.0.0

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks require human interaction from a person other than the attacker. While the vulnerability is in Oracle Enterprise Repository, attacks may significantly impact additional products, resulting in unauthorized access to critical data or complete access to all Oracle Enterprise Repository accessible data, as well as unauthorized update, insert, or delete access to some of Oracle Enterprise Repository accessible data.

Recommendations For version 11.1.1.7.0, update to a version that fixes this issue. For version 12.1.3.0.0, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Web Interface component of Oracle Enterprise Repository to minimize the risk of exploitation.