CVE-2017-3493
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. While the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Vulnerabilidad en el componente Oracle FLEXCUBE Enterprise Limits and Collateral Management de Oracle Financial Services Applications (subcomponente: Infrastructure). Versiones compatibles que son afectadas son 12.0.0 y 12.1.0. Vulnerabilidad fácilmente explotable permite a atacantes de bajo privilegio con acceso a la red a través de HTTP comprometer los límites de Oracle FLEXCUBE y la gestión de garantías. Aunque la vulnerabilidad está en Oracle FLEXCUBE Enterprise Limits y Collateral Management, los ataques pueden afectar significativamente a otros productos. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Enterprise Limits y Collateral Management y capacidad no autorizada para provocar una denegación parcial de servicio de Oracle FLEXCUBE Enterprise Limits y Collateral Management. CVSS 3.0 Base Score 8.5 (Confidencialidad e Impactos de disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2016-12-06 CVE Reserved
- 2017-04-24 CVE Published
- 2024-10-07 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/97726 | Third Party Advisory | |
http://www.securitytracker.com/id/1038304 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | 2019-10-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Flexcube Enterprise Limits And Collateral Management Search vendor "Oracle" for product "Flexcube Enterprise Limits And Collateral Management" | 12.0.0 Search vendor "Oracle" for product "Flexcube Enterprise Limits And Collateral Management" and version "12.0.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Flexcube Enterprise Limits And Collateral Management Search vendor "Oracle" for product "Flexcube Enterprise Limits And Collateral Management" | 12.1.0 Search vendor "Oracle" for product "Flexcube Enterprise Limits And Collateral Management" and version "12.1.0" | - |
Affected
|