CVE-2017-3234

Name of the Vulnerable Software and Affected Versions Oracle Support Tools versions prior to 5.7

Description The issue concerns the Automatic Service Request (ASR) component, specifically the ASR Manager subcomponent. It allows an unauthenticated attacker with network access to compromise the Automatic Service Request (ASR) via SFT, potentially leading to a takeover of ASR.

Recommendations For versions prior to 5.7, update to version 5.7 or later to resolve the issue. As a temporary workaround, consider restricting network access to the ASR component to minimize the risk of exploitation.