CVE-2017-3278

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite version 12.1.3

Description The issue affects the Oracle One-to-One Fulfillment component, specifically the Request Confirmation subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized access to critical data, complete access to all Oracle One-to-One Fulfillment accessible data, as well as unauthorized update, insert, or delete access to some of Oracle One-to-One Fulfillment accessible data.

Recommendations For version 12.1.3, update to a version that includes a fix for this issue to prevent unauthorized access and modifications to data.