CVE-2017-3537
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Oracle Real-Time Scheduler component of Oracle Utilities Applications (subcomponent: Mobile Communications Platform). Supported versions that are affected are 2.2.0.3.13, 2.3.0.0 and 2.3.0.1. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Real-Time Scheduler. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Real-Time Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Real-Time Scheduler accessible data as well as unauthorized read access to a subset of Oracle Real-Time Scheduler accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Vulnerabilidad en el componente Oracle Real-Time Scheduler de Oracle Utilities Applications (subcomponente: Mobile Communications Platform). Versiones compatibles que son afectadas son 2.2.0.3.13, 2.3.0.0 y 2.3.0.1. Vulnerabilidad fácilmente explotable permite a atacante autenticado con acceso a la red a través de HTTP comprometer Oracle Real-Time Scheduler. Los ataques exitosos requieren la interacción humana de una persona más que un atacante y mientras la vulnerabilidad está en Oracle Real-Time Scheduler, los ataques pueden afectar significativamente a otros productos. Los ataques exitosos de esta vulnerabilidad pueden dar lugar a actualizaciones no autorizadas, insertar o eliminar acceso a algunos de los datos accesibles de Oracle Real-Time Scheduler así como al acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Real-Time Scheduler. CVSS 3.0 Puntuación Base 6.1 (Impactos de confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2016-12-06 CVE Reserved
- 2017-04-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-10-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97876 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | 2019-10-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Real-time Scheduler Search vendor "Oracle" for product "Real-time Scheduler" | 2.2.0.3.13 Search vendor "Oracle" for product "Real-time Scheduler" and version "2.2.0.3.13" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Real-time Scheduler Search vendor "Oracle" for product "Real-time Scheduler" | 2.3.0.0 Search vendor "Oracle" for product "Real-time Scheduler" and version "2.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Real-time Scheduler Search vendor "Oracle" for product "Real-time Scheduler" | 2.3.0.1 Search vendor "Oracle" for product "Real-time Scheduler" and version "2.3.0.1" | - |
Affected
| ||||||