CVE-2017-10266

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: Nov 15, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-10266
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
oracle / tuxedo	12.2.2	12.2.2.x
oracle / tuxedo	12.1.3	12.1.3.x
oracle / tuxedo	11.1.1	11.1.1.x
oracle / tuxedo	12.1.1	12.1.1.x

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html
http://www.securityfocus.com/bid/101852

Vulnerability Database

289,689

CVE-2017-10266