Published: 19/10/2017 Updated: 26/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle universal work queue 12.2.4
oracle universal work queue 12.1.3
oracle universal work queue 12.1.1
oracle universal work queue 12.2.6
oracle universal work queue 12.1.2
oracle universal work queue 12.2.5
oracle universal work queue 12.2.7
oracle universal work queue 12.2.3

Oracle Hospitality apps rolled out the Big Red carpet to crims

The Register • Richard Chirgwin • 18 Oct 2017

Brrrt! Brrrt! Brrrt! Big Red's bug gun targets 252 bugs, and you for not patching fast enough

Hundreds of products, more than 250 vulnerabilities … yes, it's Oracle's quarterly critical patch update day! Oracle opens its bulletin with news that it "... continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes." "In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customer...

CVE-2017-10332

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect