Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3528

CWE-601Open Redirect7 documents6 sources
Severity
5.4MEDIUM
EPSS
43.2%
top 2.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Oracle Corporation Applications FrameworkOracle Applications Framework
Timeline
PublishedApr 24
Latest updateMay 13

Description

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Ora

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-hcw2-v6gc-xmm9: Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc2022-05-13
OSV
ruby2.0 regression2021-03-25
OSV
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities2018-06-13
CVEList
CVE-2017-3528: Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc2017-04-24

💥Exploits & PoCs

2
Exploit-DB
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect2018-01-15
Nuclei
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
CVE-2017-3528 (MEDIUM CVSS 5.4) | Vulnerability in the Oracle Applica | cvebase.io