CVE-2017-3557 — Cross-site Scripting in Corporation One-to-one Fulfillment

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

7.1HIGHNVD

EPSS

1.9%

top 16.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation One-to-one Fulfillment Oracle One-to-one Fulfillment

Timeline

PublishedApr 24

Latest updateMay 13

Description

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks m…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

▶NVDoracle/one-to-one_fulfillment5 versions+4

▶CVEListV5oracle_corporation/one-to-one_fulfillment5 versions+4

🔴Vulnerability Details

GHSA

GHSA-xgf6-3v64-jvfv: Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server)↗2022-05-13

▶

CVEList

CVE-2017-3557: Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server)↗2017-04-24

▶