CVE-2017-10179

Name of the Vulnerable Software and Affected Versions Application Management Pack for Oracle E-Business Suite versions 12.1.0.4.0 and 13.1.1.1.0

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise the Application Management Pack for Oracle E-Business Suite. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data.

Recommendations For version 12.1.0.4.0, update to a version that includes the fix for this issue. For version 13.1.1.1.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Application Management Pack for Oracle E-Business Suite component via HTTP to minimize the risk of exploitation.