Vulnerability Database

309,134

Total vulnerabilities in the database

CVE-2017-10186

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User and Company Profile). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: Aug 8, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-10186
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / istore	12.2.5	12.2.5.x
oracle / istore	12.2.4	12.2.4.x
oracle / istore	12.1.2	12.1.2.x
oracle / istore	12.1.3	12.1.3.x
oracle / istore	12.1.1	12.1.1.x
oracle / istore	12.2.6	12.2.6.x
oracle / istore	12.2.3	12.2.3.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo