CVE-2017-10324

Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: Oct 19, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-10324
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
oracle / e-business_suite_technology_stack	12.2.7	12.2.7.x
oracle / e-business_suite_technology_stack	12.2.4	12.2.4.x
oracle / e-business_suite_technology_stack	12.1.3	12.1.3.x
oracle / e-business_suite_technology_stack	12.2.3	12.2.3.x
oracle / e-business_suite_technology_stack	12.2.6	12.2.6.x
oracle / e-business_suite_technology_stack	12.2.5	12.2.5.x

Vulnerability Database

289,599

CVE-2017-10324