CVE-2017-3434

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.1 through 12.1.3

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Oracle One-to-One Fulfillment accessible data, as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data.

Recommendations For versions 12.1.1 through 12.1.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.