CVE-2017-3601

3 documents3 sources
Severity
8.1HIGH
EPSS
1.4%
top 19.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation API GatewayOracle API Gateway
Timeline
PublishedApr 24
Latest updateMay 13

Description

Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to criti

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDoracle/api_gateway11.1.2.4.0
CVEListV5oracle_corporation/api_gateway11.1.2.4.0

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-4g25-3f9h-78mq: Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway)2022-05-13
CVEList
CVE-2017-3601: Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway)2017-04-24
CVE-2017-3601 (HIGH CVSS 8.1) | Vulnerability in the Oracle API Gat | cvebase.io