ERPScan: ERPSCAN-17-026
Dec 23, 2016 - 12:00 a.m.

XSS - Oracle E-Business Suite JTFFMPRINTSERVER

2016-12-23 00:00:00
erpscan.io

CVSS3: 7.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: COMPLETE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:C/A:N

EPSS: 0.002 Low
Percentile: 51.8%

Application: Oracle E-Business Suite
Versions Affected: Oracle E-Business Suite 12.2.3
Vendor: Oracle
Bugs: XSS
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 18.04.2017
Reference: Oracle CPU April 2017
Authors: Ivan Chalykin (ERPScan)

VULNERABILITY INFORMATION

Class: XSS
Impact: modify displayed content from a Web site, steal authentication information of a user
Remotely Exploitable: yes
Locally Exploitable: yes
CVE: CVE-2017-3557

CVSS Information

CVSS Base Score v3: 7.1 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) None (N)
UI: User Interaction (Required user participation) Required (R)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality Low (L)
I: Impact to Integrity High (H)
A: Impact to Availability None (N)

VULNERABILITY DESCRIPTION

An attacker can use a special HTTP request to hijack session data of administrators or users of the web application.

VULNERABLE PACKAGES

Oracle E-Business Suite 12.2.3

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, apply Oracle CPU April 2017.

TECHNICAL DESCRIPTION

The “Oracle Fulfillment Management: Print Servers” component is vulnerable to a Stored XSS attack because the “Print Server Name” and “Connection String” parameters are not sanitized.

Vulnerable URL:

http://victim_ebs_server/OA_HTML/jtffmprintserver.jsp

To reproduce the attack, you need to create a print server with an XSS vector in the vulnerable parameters. This JSP is available to all E-Business Suite users.
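
An added example (not ERPScan's or Oracle's code) of the stored-XSS pattern described above: a stored value rendered as-is next to the same value HTML-encoded at output time, plus a check that flags stored values for review. The record layout, key names and sample values are assumptions constructed for illustration.

```python
import html
import re

# The two fields the advisory names as unsanitized; the dict keys are hypothetical.
FIELDS = ("print_server_name", "connection_string")

# Characters that change meaning in HTML text or quoted-attribute context.
HTML_SIGNIFICANT = re.compile(r"[<>\"'&]")


def render_row_unsafe(rec):
    """Stored values are concatenated into markup as-is (the flawed pattern)."""
    return "<tr>" + "".join(f"<td>{rec[f]}</td>" for f in FIELDS) + "</tr>"


def render_row_safe(rec):
    """Same row, with every stored value HTML-encoded at output time."""
    cells = (f"<td>{html.escape(str(rec[f]), quote=True)}</td>" for f in FIELDS)
    return "<tr>" + "".join(cells) + "</tr>"


def audit(records):
    """Return (record id, field) pairs whose stored value contains markup
    characters. These are review candidates, not verdicts: a legitimate
    connection string may contain '&'."""
    return [
        (rec["id"], f)
        for rec in records
        for f in FIELDS
        if HTML_SIGNIFICANT.search(str(rec[f]))
    ]


# Constructed sample records with harmless markup; not from any real system.
SAMPLE = [
    {"id": 1, "print_server_name": "hq-printer-01", "connection_string": "ipp://10.0.0.5:631"},
    {"id": 2, "print_server_name": "<b>lab</b>", "connection_string": "ipp://10.0.0.6:631"},
    {"id": 3, "print_server_name": "floor-2", "connection_string": "\"><i>test</i>"},
]

if __name__ == "__main__":
    for rec_id, field in audit(SAMPLE):
        print(f"record {rec_id}: markup characters in {field}")
    print(render_row_unsafe(SAMPLE[1]))  # markup reaches the page intact
    print(render_row_safe(SAMPLE[1]))    # markup is shown as text
```

Encoding at output time protects every page that displays the stored value, including records created before the patch was applied.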
