What is the severity of CVE-2017-3528?

CVE-2017-3528 is classified as an easily exploitable vulnerability that allows unauthenticated attackers to compromise the Oracle Applications Framework.

How do I fix CVE-2017-3528?

To fix CVE-2017-3528, it is recommended to apply the latest patch provided by Oracle for the affected versions of the Oracle Applications Framework.

Which versions are affected by CVE-2017-3528?

CVE-2017-3528 affects Oracle Applications Framework versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6.

What components are impacted by CVE-2017-3528?

CVE-2017-3528 specifically impacts popup windows including lists of values and datepickers within the Oracle Applications Framework.

Are there specific mitigations for CVE-2017-3528?

While the primary mitigation for CVE-2017-3528 is patching, organizations should also review their access controls to limit exposure.

Vulnerability/
CVE-2017-3528

medium

5.8

CWE

601

24/4/2017

7/10/2024

CVE-2017-3528

First published: Mon Apr 24 2017(Updated: )

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle Application Development Framework	=12.1.3
Oracle Application Development Framework	=12.2.3
Oracle Application Development Framework	=12.2.4
Oracle Application Development Framework	=12.2.5
Oracle Application Development Framework	=12.2.6

Remedy

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-3528?
CVE-2017-3528 is classified as an easily exploitable vulnerability that allows unauthenticated attackers to compromise the Oracle Applications Framework.
How do I fix CVE-2017-3528?
To fix CVE-2017-3528, it is recommended to apply the latest patch provided by Oracle for the affected versions of the Oracle Applications Framework.
Which versions are affected by CVE-2017-3528?
CVE-2017-3528 affects Oracle Applications Framework versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6.
What components are impacted by CVE-2017-3528?
CVE-2017-3528 specifically impacts popup windows including lists of values and datepickers within the Oracle Applications Framework.
Are there specific mitigations for CVE-2017-3528?
While the primary mitigation for CVE-2017-3528 is patching, organizations should also review their access controls to limit exposure.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/author
agent/severity
agent/remedy
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/oracle
canonical/oracle application development framework
version/oracle application development framework/12.1.3
version/oracle application development framework/12.2.3
version/oracle application development framework/12.2.4
version/oracle application development framework/12.2.5
version/oracle application development framework/12.2.6