CVE-2017-10130Exposure of Sensitive Information Through Metadata in Corporation Istore

CWE-1230Exposure of Sensitive Information Through Metadata6 documents5 sources
Severity
7.6HIGHNVD
EPSS
0.5%
top 33.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation IstoreOracle Istore
Timeline
PublishedAug 8
Latest updateAug 14

Description

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Management). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact addition

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:NExploitability: 2.3 | Impact: 4.7

Affected Packages2 packages

NVDoracle/istore7 versions+6
CVEListV5oracle_corporation/istore7 versions+6

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-hwf9-qq58-7vw5: Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Management)2022-05-13
CVEList
CVE-2017-10130: Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Management)2017-08-08

📋Vendor Advisories

1
Red Hat
postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table2025-08-14
CVE-2017-10130 — Corporation Istore vulnerability | cvebase