CVE-2017-10266

CWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.5%
top 33.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation TuxedoOracle Tuxedo
Timeline
PublishedNov 14
Latest updateMay 17

Description

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/A

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDoracle/tuxedo4 versions+3
CVEListV5oracle_corporation/tuxedo4 versions+3

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-jj33-7j64-w253: Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core)2022-05-17
CVEList
CVE-2017-10266: Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core)2017-11-14