PT-2017-15742 · Oracle · Oracle One-To-One Fulfillment+1

Published

2017-01-27

Updated

2019-10-03

CVE-2017-3278

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite version 12.1.3

Description The issue affects the Oracle One-to-One Fulfillment component, specifically the Request Confirmation subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized access to critical data, complete access to all Oracle One-to-One Fulfillment accessible data, as well as unauthorized update, insert, or delete access to some of Oracle One-to-One Fulfillment accessible data.

Recommendations For version 12.1.3, update to a version that includes a fix for this issue to prevent unauthorized access and modifications to data.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-3278

Affected Products

Oracle E-Business Suite

Oracle One-To-One Fulfillment

PT-2017-15742 · Oracle · Oracle One-To-One Fulfillment+1

CVE-2017-3278

Related Identifiers

Affected Products

References · 5