Details of VAR-201701-0882

ID

VAR-201701-0882

CVE

CVE-2017-3303

TITLE

Oracle E-Business Suite of Oracle XML Gateway In Oracle Transport Agent Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-001279

DESCRIPTION

Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle XML Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle XML Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML Gateway accessible data as well as unauthorized update, insert or delete access to some of Oracle XML Gateway accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). The vulnerability can be exploited over the 'HTTP' protocol. The software provides functions such as customer relationship management, service management, and financial management

Trust: 2.07

sources: NVD: CVE-2017-3303 // JVNDB: JVNDB-2017-001279 // BID: 95602 // VULHUB: VHN-111506 // VULMON: CVE-2017-3303

AFFECTED PRODUCTS

vendor:	oracle	model:	xml gateway	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	oracle	model:	xml gateway	scope:	eq	version:	12.2.5	Trust: 1.6
vendor:	oracle	model:	xml gateway	scope:	eq	version:	12.2.6	Trust: 1.6
vendor:	oracle	model:	xml gateway	scope:	eq	version:	12.2.3	Trust: 1.6
vendor:	oracle	model:	xml gateway	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	oracle	model:	xml gateway	scope:	eq	version:	12.1.3	Trust: 1.6
vendor:	oracle	model:	xml gateway	scope:	eq	version:	12.2.4	Trust: 1.6
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.2.6	Trust: 1.1
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.2.3	Trust: 1.1
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.1.2	Trust: 1.1
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.1.1	Trust: 1.1
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.2.5	Trust: 1.1
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.2.4	Trust: 1.1
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.1.3	Trust: 1.1
vendor:	oracle	model:	xml gateway	scope:	-	version:	-	Trust: 0.8

sources: BID: 95602 // JVNDB: JVNDB-2017-001279 // CNNVD: CNNVD-201701-659 // NVD: CVE-2017-3303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3303
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3303
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201701-659
value:	HIGH
Trust: 0.6
VULHUB:	VHN-111506
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-3303
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3303
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-111506
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3303
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-111506 // VULMON: CVE-2017-3303 // JVNDB: JVNDB-2017-001279 // CNNVD: CNNVD-201701-659 // NVD: CVE-2017-3303

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-111506 // JVNDB: JVNDB-2017-001279 // NVD: CVE-2017-3303

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-659

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201701-659

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001279

PATCH

title:	Oracle Critical Patch Update Advisory - January 2017	url:	http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2017 Risk Matrices	url:	http://www.oracle.com/technetwork/security-advisory/cpujan2017verbose-2881728.html	Trust: 0.8
title:	Oracle E-Business Suite Oracle XML Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67254	Trust: 0.6
title:	Oracle: Oracle Critical Patch Update Advisory - January 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=69e9536e77203a3c76b24dd89f4f9300	Trust: 0.1

sources: VULMON: CVE-2017-3303 // JVNDB: JVNDB-2017-001279 // CNNVD: CNNVD-201701-659

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3303	Trust: 2.9
db:	BID	id:	95602	Trust: 2.1
db:	SECTRACK	id:	1037639	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-001279	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-659	Trust: 0.7
db:	VULHUB	id:	VHN-111506	Trust: 0.1
db:	VULMON	id:	CVE-2017-3303	Trust: 0.1

sources: VULHUB: VHN-111506 // VULMON: CVE-2017-3303 // BID: 95602 // JVNDB: JVNDB-2017-001279 // CNNVD: CNNVD-201701-659 // NVD: CVE-2017-3303

REFERENCES

url:	http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	Trust: 2.2
url:	http://www.securityfocus.com/bid/95602	Trust: 1.9
url:	http://www.securitytracker.com/id/1037639	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3303	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3303	Trust: 0.8
url:	http://www.oracle.com/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=52342	Trust: 0.1

sources: VULHUB: VHN-111506 // VULMON: CVE-2017-3303 // BID: 95602 // JVNDB: JVNDB-2017-001279 // CNNVD: CNNVD-201701-659 // NVD: CVE-2017-3303

CREDITS

Oracle

Trust: 0.9

sources: BID: 95602 // CNNVD: CNNVD-201701-659

SOURCES

db:	VULHUB	id:	VHN-111506
db:	VULMON	id:	CVE-2017-3303
db:	BID	id:	95602
db:	JVNDB	id:	JVNDB-2017-001279
db:	CNNVD	id:	CNNVD-201701-659
db:	NVD	id:	CVE-2017-3303

LAST UPDATE DATE

2025-04-20T23:05:46.524000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-111506	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-3303	date:	2019-10-03T00:00:00
db:	BID	id:	95602	date:	2017-01-23T01:09:00
db:	JVNDB	id:	JVNDB-2017-001279	date:	2017-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201701-659	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3303	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-111506	date:	2017-01-27T00:00:00
db:	VULMON	id:	CVE-2017-3303	date:	2017-01-27T00:00:00
db:	BID	id:	95602	date:	2017-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-001279	date:	2017-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201701-659	date:	2017-01-20T00:00:00
db:	NVD	id:	CVE-2017-3303	date:	2017-01-27T22:59:04.257