Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-10273

CWE-22: Path Traversal | 4 documents | 4 sources
Severity
4.7 MEDIUM
EPSS
0.1%
top 66.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jan 18
Latest update: May 14

Description

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Exploitability: 0.6 | Impact: 3.7

Affected Packages (2 packages)

NVD | oracle/jdeveloper | 6 versions
CVEListV5 | oracle_corporation/jdeveloper | 6 versions

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-4qr8-xvfr-96r5: Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment) | 2022-05-14
CVEList
CVE-2017-10273: Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment) | 2018-01-18

💥 Exploits & PoCs (1)

Exploit-DB
Oracle JDeveloper 11.1.x/12.x - Directory Traversal | 2018-01-21