CVE-2017-3246

5 documents4 sources

Severity

6.0MEDIUM

EPSS

0.1%

top 72.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Object Library

Timeline

PublishedJan 27

Latest updateMay 13

Description

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5oracle/application_object_library5 versions+4

▶NVDoracle/application_object_library5 versions+4

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-c4pm-f96v-w332: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching)↗2022-05-13

▶

CVEList

CVE-2017-3246: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching)↗2017-01-27

▶

💬Community

Bugzilla

CVE-2017-18198 libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c↗2018-02-27

▶

Bugzilla

CVE-2017-18199 libcdio: NULL pointer dereference in realloc_symlink in rock.c↗2018-02-27

▶