CVE-2017-10265

Name of the Vulnerable Software and Affected Versions Oracle Integrated Lights Out Manager (ILOM) versions prior to 3.2.6

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks can result in unauthorized access to some of Oracle ILOM's accessible data, including update, insert, or delete access, as well as unauthorized read access to a subset of the data. Additionally, it can cause a partial denial of service (DOS) of Oracle ILOM.

Recommendations For versions prior to 3.2.6, update to version 3.2.6 or later to resolve the issue. As a temporary workaround, consider restricting network access to the Oracle ILOM component via HTTP to minimize the risk of exploitation.