What is the severity of CVE-2017-10246?

CVE-2017-10246 has been classified as a high-severity vulnerability due to the potential for unauthenticated remote exploitation.

How do I fix CVE-2017-10246?

To fix CVE-2017-10246, users should apply the latest security patches provided by Oracle for affected versions of the Oracle Application Object Library.

Which versions of Oracle E-Business Suite are affected by CVE-2017-10246?

CVE-2017-10246 affects Oracle Application Object Library versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6.

What type of attack can exploit CVE-2017-10246?

CVE-2017-10246 can be exploited through a remote attack that allows unauthenticated users to perform unauthorized actions via HTTP.

Is user authentication required to exploit CVE-2017-10246?

No, CVE-2017-10246 allows exploitation by unauthenticated attackers, making it particularly concerning for systems connected to the internet.

Vulnerability/
CVE-2017-10246

high

8.2

8/8/2017

4/10/2024

CVE-2017-10246

First published: Tue Aug 08 2017(Updated: )

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle Application Object Library	=12.1.3
Oracle Application Object Library	=12.2.3
Oracle Application Object Library	=12.2.4
Oracle Application Object Library	=12.2.5
Oracle Application Object Library	=12.2.6

Remedy

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-10246?
CVE-2017-10246 has been classified as a high-severity vulnerability due to the potential for unauthenticated remote exploitation.
How do I fix CVE-2017-10246?
To fix CVE-2017-10246, users should apply the latest security patches provided by Oracle for affected versions of the Oracle Application Object Library.
Which versions of Oracle E-Business Suite are affected by CVE-2017-10246?
CVE-2017-10246 affects Oracle Application Object Library versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6.
What type of attack can exploit CVE-2017-10246?
CVE-2017-10246 can be exploited through a remote attack that allows unauthenticated users to perform unauthorized actions via HTTP.
Is user authentication required to exploit CVE-2017-10246?
No, CVE-2017-10246 allows exploitation by unauthenticated attackers, making it particularly concerning for systems connected to the internet.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/remedy
agent/author
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/oracle
canonical/oracle application object library
version/oracle application object library/12.1.3
version/oracle application object library/12.2.3
version/oracle application object library/12.2.4
version/oracle application object library/12.2.5
version/oracle application object library/12.2.6