Description
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Affected Software
Related
{"id": "CVE-2017-10172", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2017-10172", "description": "Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "published": "2017-08-08T15:29:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10172", "reporter": "secalert_us@oracle.com", "references": ["http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "http://www.securitytracker.com/id/1038944", "http://www.securityfocus.com/bid/99737"], "cvelist": ["CVE-2017-10172"], "immutableFields": [], "lastseen": "2023-02-08T15:41:34", "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "oracle", "idList": ["ORACLE:CPUJUL2017"]}]}, "score": {"value": 4.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "oracle", "idList": ["ORACLE:CPUJUL2017"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "oracle retail open commerce platform cloud service", "version": 15}, {"name": "oracle retail open commerce platform cloud service", "version": 5}, {"name": "oracle retail open commerce platform cloud service", "version": 5}, {"name": "oracle retail open commerce platform cloud service", "version": 5}, {"name": "oracle retail open commerce platform cloud service", "version": 5}, {"name": "oracle retail open commerce platform cloud service", "version": 6}, {"name": "oracle retail open commerce platform cloud service", "version": 6}, {"name": "oracle retail open commerce platform cloud service", "version": 15}]}, "epss": [{"cve": "CVE-2017-10172", "epss": "0.001430000", "percentile": "0.484280000", "modified": "2023-03-14"}], "vulnersScore": 4.0}, "_state": {"dependencies": 1675870906, "score": 1675871070, "affected_software_major_version": 1677268883, "epss": 1678838010}, "_internal": {"score_hash": "5265ed7d943ba92611b8ea97d0aba1e4"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:oracle:retail_open_commerce_platform_cloud_service:5.3", "cpe:/a:oracle:retail_open_commerce_platform_cloud_service:6.1", "cpe:/a:oracle:retail_open_commerce_platform_cloud_service:5.2", "cpe:/a:oracle:retail_open_commerce_platform_cloud_service:15.1", "cpe:/a:oracle:retail_open_commerce_platform_cloud_service:5.0", "cpe:/a:oracle:retail_open_commerce_platform_cloud_service:15.0", "cpe:/a:oracle:retail_open_commerce_platform_cloud_service:5.1", "cpe:/a:oracle:retail_open_commerce_platform_cloud_service:6.0"], "cpe23": ["cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:15.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "oracle:retail_open_commerce_platform_cloud_service", "version": "5.3", "operator": "eq", "name": "oracle retail open commerce platform cloud service"}, {"cpeName": "oracle:retail_open_commerce_platform_cloud_service", "version": "15.0", "operator": "eq", "name": "oracle retail open commerce platform cloud service"}, {"cpeName": "oracle:retail_open_commerce_platform_cloud_service", "version": "5.1", "operator": "eq", "name": "oracle retail open commerce platform cloud service"}, {"cpeName": "oracle:retail_open_commerce_platform_cloud_service", "version": "6.1", "operator": "eq", "name": "oracle retail open commerce platform cloud service"}, {"cpeName": "oracle:retail_open_commerce_platform_cloud_service", "version": "6.0", "operator": "eq", "name": "oracle retail open commerce platform cloud service"}, {"cpeName": "oracle:retail_open_commerce_platform_cloud_service", "version": "5.2", "operator": "eq", "name": "oracle retail open commerce platform cloud service"}, {"cpeName": "oracle:retail_open_commerce_platform_cloud_service", "version": "5.0", "operator": "eq", "name": "oracle retail open commerce platform cloud service"}, {"cpeName": "oracle:retail_open_commerce_platform_cloud_service", "version": "15.1", "operator": "eq", "name": "oracle retail open commerce platform cloud service"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.3:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:15.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:6.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:6.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:5.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform_cloud_service:15.1:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"]}, {"url": "http://www.securitytracker.com/id/1038944", "name": "1038944", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://www.securityfocus.com/bid/99737", "name": "99737", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"]}], "product_info": [{"vendor": "Oracle Corporation", "product": "Retail Open Commerce Platform Cloud Service"}]}
{"oracle": [{"lastseen": "2021-10-22T15:44:24", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2282980.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-03-20T00:00:00", "title": "Oracle Critical Patch Update Advisory - July 2017", "type": "oracle", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10230", "CVE-2017-10226", "CVE-2017-10193", "CVE-2017-10063", "CVE-2017-10031", "CVE-2017-3562", "CVE-2015-5254", "CVE-2017-10228", "CVE-2017-10248", "CVE-2015-1792", "CVE-2014-3566", "CVE-2017-3637", "CVE-2017-10235", "CVE-2017-10088", "CVE-2015-0235", "CVE-2017-10171", "CVE-2017-10196", "CVE-2017-10239", "CVE-2017-10208", "CVE-2017-10231", "CVE-2017-3638", "CVE-2017-10192", "CVE-2017-10001", "CVE-2016-4431", "CVE-2014-1912", "CVE-2017-10211", "CVE-2016-4436", "CVE-2016-5385", "CVE-2017-10143", "CVE-2015-3197", "CVE-2017-10175", "CVE-2017-10202", "CVE-2017-10244", "CVE-2017-10179", "CVE-2017-3642", "CVE-2017-10028", "CVE-2017-10160", "CVE-2016-5019", "CVE-2017-10012", "CVE-2017-10246", "CVE-2017-10134", "CVE-2017-3529", "CVE-2016-6306", "CVE-2017-10229", "CVE-2015-1789", "CVE-2016-2183", "CVE-2017-10075", "CVE-2017-10147", "CVE-2017-10207", "CVE-2017-10113", "CVE-2016-4438", "CVE-2017-10149", "CVE-2017-5689", "CVE-2015-0286", "CVE-2017-10238", "CVE-2016-2178", "CVE-2017-10015", "CVE-2017-3639", "CVE-2017-10241", "CVE-2017-10141", "CVE-2017-10236", "CVE-2017-10069", "CVE-2017-10222", "CVE-2015-3195", "CVE-2017-10220", "CVE-2017-10087", "CVE-2016-2108", "CVE-2017-10250", "CVE-2017-3632", "CVE-2017-10204", "CVE-2013-2027", "CVE-2017-10036", "CVE-2016-3092", "CVE-2014-3571", "CVE-2016-4465", "CVE-2017-10093", "CVE-2017-10064", "CVE-2016-6302", "CVE-2017-3652", "CVE-2017-10076", "CVE-2017-10198", "CVE-2017-10095", "CVE-2017-10006", "CVE-2017-10247", "CVE-2017-10119", "CVE-2017-10234", "CVE-2017-10169", "CVE-2017-3646", "CVE-2017-3648", "CVE-2017-10128", "CVE-2016-2177", "CVE-2017-10121", "CVE-2017-10213", "CVE-2017-10043", "CVE-2017-10144", "CVE-2014-0224", "CVE-2017-10209", "CVE-2016-0635", "CVE-2016-2105", "CVE-2017-10106", "CVE-2017-10186", "CVE-2017-10123", "CVE-2016-4433", "CVE-2017-10052", "CVE-2017-10032", "CVE-2017-10005", "CVE-2015-8607", "CVE-2017-10224", "CVE-2016-2107", "CVE-2016-7055", "CVE-2017-10150", "CVE-2017-10168", "CVE-2017-10232", "CVE-2015-7501", "CVE-2017-10170", "CVE-2017-3649", "CVE-2017-10022", "CVE-2015-3253", "CVE-2017-10107", "CVE-2017-3731", "CVE-2017-10183", "CVE-2016-6307", "CVE-2017-10243", "CVE-2017-5638", "CVE-2016-2834", "CVE-2017-10215", "CVE-2017-10023", "CVE-2017-10242", "CVE-2017-10048", "CVE-2017-10079", "CVE-2016-6308", "CVE-2017-10145", "CVE-2017-10195", "CVE-2017-10070", "CVE-2016-2180", "CVE-2017-10142", "CVE-2017-10104", "CVE-2017-10062", "CVE-2017-10210", "CVE-2017-10201", "CVE-2017-10044", "CVE-2017-10133", "CVE-2017-5651", "CVE-2017-3645", "CVE-2017-10020", "CVE-2017-5647", "CVE-2015-8608", "CVE-2017-10085", "CVE-2016-5388", "CVE-2017-10184", "CVE-2016-2109", "CVE-2017-10255", "CVE-2017-10199", "CVE-2017-3633", "CVE-2017-10082", "CVE-2017-10126", "CVE-2017-10030", "CVE-2017-10135", "CVE-2016-2181", "CVE-2017-3647", "CVE-2017-10008", "CVE-2017-10021", "CVE-2017-10217", "CVE-2016-6304", "CVE-2017-10132", "CVE-2017-10136", "CVE-2017-10187", "CVE-2017-10212", "CVE-2017-3732", "CVE-2016-5386", "CVE-2017-10057", "CVE-2017-10094", "CVE-2017-10252", "CVE-2017-10218", "CVE-2017-10038", "CVE-2017-10191", "CVE-2017-10205", "CVE-2017-3644", "CVE-2017-10101", "CVE-2017-10249", "CVE-2017-10146", "CVE-2017-10237", "CVE-2017-10108", "CVE-2017-10090", "CVE-2016-1979", "CVE-2017-3643", "CVE-2017-10049", "CVE-2017-10004", "CVE-2017-10041", "CVE-2016-2381", "CVE-2016-4430", "CVE-2017-10103", "CVE-2017-10219", "CVE-2017-10061", "CVE-2015-1788", "CVE-2017-10129", "CVE-2017-10025", "CVE-2017-10180", "CVE-2017-10221", "CVE-2017-10019", "CVE-2017-10024", "CVE-2017-10010", "CVE-2017-10185", "CVE-2017-10189", "CVE-2017-10035", "CVE-2017-10111", "CVE-2017-10117", "CVE-2017-10100", "CVE-2017-10013", "CVE-2016-7052", "CVE-2017-10091", "CVE-2017-10178", "CVE-2017-10096", "CVE-2017-10045", "CVE-2017-10240", "CVE-2017-10016", "CVE-2017-10157", "CVE-2017-10040", "CVE-2017-10131", "CVE-2016-1950", "CVE-2017-10071", "CVE-2017-10254", "CVE-2017-10083", "CVE-2017-10003", "CVE-2011-2730", "CVE-2017-3651", "CVE-2017-10110", "CVE-2017-3650", "CVE-2017-3641", "CVE-2017-10097", "CVE-2017-10073", "CVE-2017-10002", "CVE-2017-10105", "CVE-2017-10253", "CVE-2017-10017", "CVE-2017-10056", "CVE-2017-10115", "CVE-2017-3635", "CVE-2017-10047", "CVE-2017-10046", "CVE-2016-1181", "CVE-2017-10114", "CVE-2017-10058", "CVE-2017-10039", "CVE-2015-1790", "CVE-2017-10181", "CVE-2017-10027", "CVE-2017-10206", "CVE-2017-10245", "CVE-2016-6305", "CVE-2016-6303", "CVE-2017-10216", "CVE-2016-5387", "CVE-2017-10223", "CVE-2017-10233", "CVE-2017-10116", "CVE-2017-10200", "CVE-2017-10148", "CVE-2017-5650", "CVE-2017-10214", "CVE-2016-2182", "CVE-2017-10067", "CVE-2017-10078", "CVE-2017-10000", "CVE-2017-10092", "CVE-2017-10256", "CVE-2017-10257", "CVE-2017-10156", "CVE-2017-10074", "CVE-2017-10182", "CVE-2017-10059", "CVE-2017-10098", "CVE-2017-10053", "CVE-2017-10018", "CVE-2015-0254", "CVE-2017-10029", "CVE-2017-3653", "CVE-2015-7940", "CVE-2017-10137", "CVE-2017-10174", "CVE-2017-10225", "CVE-2017-10173", "CVE-2017-3640", "CVE-2017-10177", "CVE-2017-10081", "CVE-2016-3506", "CVE-2017-3636", "CVE-2017-10120", "CVE-2017-10258", "CVE-2017-10112", "CVE-2017-10042", "CVE-2017-10176", "CVE-2017-10122", "CVE-2017-10188", "CVE-2016-2179", "CVE-2017-10089", "CVE-2017-10109", "CVE-2017-10086", "CVE-2016-2106", "CVE-2017-3634", "CVE-2017-10130", "CVE-2017-10118", "CVE-2016-6814", "CVE-2017-10007", "CVE-2017-10080", "CVE-2017-10084", "CVE-2015-1791", "CVE-2017-10009", "CVE-2017-10125", "CVE-2016-6309", "CVE-2017-10072", "CVE-2017-10251", "CVE-2017-10102", "CVE-2017-10172", "CVE-2017-10011"], "modified": "2017-07-18T00:00:00", "id": "ORACLE:CPUJUL2017", "href": "https://www.oracle.com/security-alerts/cpujul2017.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2017-10172
