CVE-2017-3278 — Oracle One-to-one Fulfillment vulnerability

3 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.7%

top 26.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle One-to-one Fulfillment

Timeline

PublishedJan 27

Latest updateMay 13

Description

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact addi…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.7

Affected Packages2 packages

▶CVEListV5oracle/one-to-one_fulfillment12.1.3

▶NVDoracle/one-to-one_fulfillment12.1.3

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-h7r9-j52x-8c2q: Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation)↗2022-05-13

▶

CVEList

CVE-2017-3278: Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation)↗2017-01-27

▶