← voltar
CVE-2017-10246

CVE-2017-10246

EPSS 13.9%
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
Produtos afetados
Oracle Corporation · Application Object Library
PoCs públicas encontradas2
cve_referencewww.exploit-db.com/exploits/42340/não verificadoexploitdbwww.exploit-db.com/exploits/42340não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.exploit-db.com/exploits/42340/http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.securityfocus.com/bid/99625http://www.securitytracker.com/id/1038926