CVE-2017-3537

Name of the Vulnerable Software and Affected Versions Oracle Utilities Applications (subcomponent: Mobile Communications Platform) versions 2.2.0.3.13, 2.3.0.0, and 2.3.0.1

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Real-Time Scheduler. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some of the Oracle Real-Time Scheduler accessible data, as well as unauthorized read access to a subset of Oracle Real-Time Scheduler accessible data.

Recommendations For version 2.2.0.3.13, update to a version that fixes this issue. For version 2.3.0.0, update to a version that fixes this issue. For version 2.3.0.1, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Oracle Real-Time Scheduler component to minimize the risk of exploitation.