CVE-2017-3487

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

CVSS v3 3.1 LOW
CVSS v2.0 3.5 LOW

3.1^/10

CVSS v3 : LOW

Vector : AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/97871	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038304

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.1:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.3:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.2.0:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:::::::*

History

No history.

Information

Published : 2017-04-24 19:59

Updated : 2023-12-10 12:01

NVD link : CVE-2017-3487

Mitre link : CVE-2017-3487

CVE.ORG link : CVE-2017-3487

JSON object : View

Products Affected

oracle

flexcube_investor_servicing

CWE

NVD-CWE-noinfo

{"id": "CVE-2017-3487", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2017-04-24T19:59:02.393", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/97871", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1038304", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Oracle FLEXCUBE Investor Servicing de Oracle Financial Services Applications (subcomponente: Unit Trust). Versiones compatibles que son afectadas son 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E280A03-DE42-415B-8B0C-3C16941FF80E"}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9058C7C8-54CE-42C5-8D41-BD0074BA0F58"}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2ECA56F-B305-4CEF-8DF0-4D757DC956F5"}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB"}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A"}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1000A73E-BFB4-47BB-BCA7-4CF0C2C76B8C"}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}