CVE-2017-10270
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Active Directory). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Identity Manager Connector executes to compromise Oracle Identity Manager Connector. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Identity Manager Connector, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.0 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H).
Vulnerabilidad en el componente Oracle Identity Manager Connector de Oracle Fusion Middleware (subcomponente: Microsoft Active Directory). La versión compatible afectada es la 9.1.1.5.0. Una vulnerabilidad fácilmente explotable permite que un atacante sin autenticar y permisos de inicio de sesión en la infraestructura en la que se ejecuta Oracle Identity Manager Connector comprometa la seguridad de Oracle Identity Manager Connector. Para que los ataques tengan éxito, se necesita la participación de otra persona diferente del atacante y, aunque la vulnerabilidad está presente en Oracle Identity Manager Connector, los ataques podrían afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso de creación, supresión o modificación de datos críticos o un acceso completo a todos los datos accesibles de Oracle Identity Manager Connector y la capacidad sin autorización para provocar un bloqueo o un cierre inesperado frecuente (DOS completo) de Oracle Identity Manager Connector. CVSS 3.0 Base Score 8.2 (impactos en la integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H).
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2017-06-21 CVE Reserved
- 2017-10-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-10-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/101313 | Third Party Advisory | |
http://www.securitytracker.com/id/1039602 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | 2019-10-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Identity Manager Connector Search vendor "Oracle" for product "Identity Manager Connector" | 9.1.1.5.0 Search vendor "Oracle" for product "Identity Manager Connector" and version "9.1.1.5.0" | - |
Affected
|