ERPScan: ERPSCAN-17-025
Dec 23, 2016 - 12:00 a.m.

AUTH BYPASS For File Downloading - Oracle E-Business Suite

2016-12-23 00:00:00
erpscan.io

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low
Percentile: 55.4%

Application: Oracle E-Business Suite
Versions Affected: Oracle E-Business Suite 12.2.3
Vendor: Oracle
Bugs: AUTH BYPASS
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 18.04.2017
Reference: Oracle CPU April 2017
Authors: Alexey Tyurin (ERPScan), Ivan Chalykin (ERPScan)

VULNERABILITY INFORMATION

Class: AUTH BYPASS
Impact: File Downloading
Remotely Exploitable: yes
Locally Exploitable: yes
CVE: CVE-2017-3556

CVSS Information

CVSS Base Score v3: 5.3 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) None (N)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality Low (L)
I: Impact to Integrity None (N)
A: Impact to Availability None (N)

VULNERABILITY DESCRIPTION

An attacker can bypass authorization checks and download files stored in E-Business Suite.

VULNERABLE PACKAGES

Oracle E-Business Suite 12.2.3

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, apply Oracle CPU April 2017.

TECHNICAL DESCRIPTION

Proof of Concept

Vulnerable URL:

http://victim_ebs_server/OA_HTML/fndgfm.jsp?mode=download_blob&fid=1&mac=t

This JSP allows downloading files from the system without authorization checking. For a successful attack, an attacker needs to enumerate the fid parameter.
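For defenders, the enumeration of fid described above leaves a recognizable trace in web access logs: one client requesting fndgfm.jsp with mode=download_blob across many distinct fid values. The following detection sketch is an added example, not part of the original advisory or of Oracle's code; it assumes access logs in Common Log Format, and the threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
TARGET_PATH = "/oa_html/fndgfm.jsp"  # JSP named in the advisory, matched case-insensitively
FID_THRESHOLD = 5                    # assumed tuning value: distinct fids per client

# Constructed sample input (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'192.0.2.10 - - [10/Jan/2017:10:00:0{i} +0000] '
    f'"GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid={i}&mac=t HTTP/1.1" 200 5120'
    for i in range(1, 7)
] + [
    '198.51.100.7 - - [10/Jan/2017:10:05:00 +0000] '
    '"GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid=42&mac=t HTTP/1.1" 200 900',
    '198.51.100.7 - - [10/Jan/2017:10:05:02 +0000] "GET /index.html HTTP/1.1" 302 -',
]


def blob_download_hits(lines):
    """Yield (client, fid, status) for each fndgfm.jsp download_blob request."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, status, _size = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        qs = parse_qs(url.query)
        if "download_blob" not in qs.get("mode", []):
            continue
        for fid in qs.get("fid", [""]):  # "" records a request with no fid value
            yield client, fid, int(status)


def enumeration_suspects(lines, threshold=FID_THRESHOLD):
    """Return {client: distinct fids} for clients that requested >= threshold fids."""
    seen = defaultdict(set)
    for client, fid, _status in blob_download_hits(lines):
        seen[client].add(fid)
    return {c: sorted(f, key=lambda x: (len(x), x))
            for c, f in seen.items() if len(f) >= threshold}


if __name__ == "__main__":
    for client, fids in enumeration_suspects(SAMPLE_LOG).items():
        print(f"{client}: {len(fids)} distinct fid values requested: {fids}")
```

Pair the result with the response status and size fields to tell which of the flagged requests actually returned file content.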
