Lucene search

OracleCVE-2017-3311

HistoryJan 27, 2017 - 10:59 p.m.

CVE-2017-3311

2017-01-2722:59:04

oracle

web.nvd.nist.gov

cve-2017-3311

application testing suite

oracle

enterprise manager

grid control

test manager

web apps

vulnerability

security

cvss

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

55.6%

JSON

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts).

Affected configurations

Nvd

Vulners

Node

oracleapplication_testing_suiteMatch12.4.0.2

oracleapplication_testing_suiteMatch12.5.0.2

oracleapplication_testing_suiteMatch12.5.0.3

VendorProductVersionCPE
oracleapplication_testing_suite12.4.0.2cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:*:*:*:*:*:*:*
oracleapplication_testing_suite12.5.0.2cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*
oracleapplication_testing_suite12.5.0.3cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	application_testing_suite	12.4.0.2	cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:::::::*
oracle	application_testing_suite	12.5.0.2	cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:::::::*
oracle	application_testing_suite	12.5.0.3	cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*

CNA Affected

[
  {
    "product": "Application Testing Suite",
    "vendor": "Oracle",
    "versions": [
      {
        "status": "affected",
        "version": "12.5.0.3"
      },
      {
        "status": "affected",
        "version": "12.5.0.2"
      },
      {
        "status": "affected",
        "version": "12.4.0.2"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

www.securityfocus.com/bid/95584

www.securitytracker.com/id/1037633

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

55.6%

JSON

Related for CVE-2017-3311