CVE-2017-10267

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Published: Nov 15, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-10267
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
oracle / tuxedo	12.2.2	12.2.2.x
oracle / tuxedo	12.1.3	12.1.3.x
oracle / tuxedo	11.1.1	11.1.1.x
oracle / tuxedo	12.1.1	12.1.1.x

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html
http://www.securityfocus.com/bid/101875

Vulnerability Database

289,599

CVE-2017-10267