CVE-2017-10245 - Vulnerability Details - OpenCVE

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Oracle	General Ledger

Configuration 1 [-]

OR	cpe:2.3:a:oracle:general_ledger:12.1.1:::::::*
	cpe:2.3:a:oracle:general_ledger:12.1.2:::::::*
	cpe:2.3:a:oracle:general_ledger:12.1.3:::::::*
	cpe:2.3:a:oracle:general_ledger:12.2.3:::::::*
	cpe:2.3:a:oracle:general_ledger:12.2.4:::::::*
	cpe:2.3:a:oracle:general_ledger:12.2.5:::::::*
	cpe:2.3:a:oracle:general_ledger:12.2.6:::::::*

No data.

References

Link	Providers
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/99690
http://www.securitytracker.com/id/1038926

History

Mon, 07 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2017-08-08T15:00:00

Updated: 2024-10-04T17:05:14.745Z

Reserved: 2017-06-21T00:00:00

Link: CVE-2017-10245

Vulnrichment

Updated: 2024-08-05T17:33:16.928Z

NVD

Status : Deferred

Published: 2017-08-08T15:29:07.240

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-10245

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "General Ledger", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "12.1.1"}, {"status": "affected", "version": "12.1.2"}, {"status": "affected", "version": "12.1.3"}, {"status": "affected", "version": "12.2.3"}, {"status": "affected", "version": "12.2.4"}, {"status": "affected", "version": "12.2.5"}, {"status": "affected", "version": "12.2.6"}]}], "datePublic": "2017-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "problemTypes": [{"descriptions": [{"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-09T09:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "99690", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99690"}, {"name": "1038926", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038926"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-10245", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "General Ledger", "version": {"version_data": [{"version_affected": "=", "version_value": "12.1.1"}, {"version_affected": "=", "version_value": "12.1.2"}, {"version_affected": "=", "version_value": "12.1.3"}, {"version_affected": "=", "version_value": "12.2.3"}, {"version_affected": "=", "version_value": "12.2.4"}, {"version_affected": "=", "version_value": "12.2.5"}, {"version_affected": "=", "version_value": "12.2.6"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data."}]}]}, "references": {"reference_data": [{"name": "99690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99690"}, {"name": "1038926", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038926"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:33:16.928Z"}, "title": "CVE Program Container", "references": [{"name": "99690", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99690"}, {"name": "1038926", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038926"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T15:36:14.130260Z", "id": "CVE-2017-10245", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T17:05:14.745Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10245", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T17:05:14.745Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/bid/99690", "name": "99690", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1038926", "name": "1038926", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:33:16.928Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-10245", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-04T15:36:14.130260Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T15:36:35.742Z"}}], "cna": {"affected": [{"vendor": "Oracle Corporation", "product": "General Ledger", "versions": [{"status": "affected", "version": "12.1.1"}, {"status": "affected", "version": "12.1.2"}, {"status": "affected", "version": "12.1.3"}, {"status": "affected", "version": "12.2.3"}, {"status": "affected", "version": "12.2.4"}, {"status": "affected", "version": "12.2.5"}, {"status": "affected", "version": "12.2.6"}]}], "datePublic": "2017-07-18T00:00:00", "references": [{"url": "http://www.securityfocus.com/bid/99690", "name": "99690", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.securitytracker.com/id/1038926", "name": "1038926", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data."}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2017-08-09T09:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "12.1.1", "version_affected": "="}, {"version_value": "12.1.2", "version_affected": "="}, {"version_value": "12.1.3", "version_affected": "="}, {"version_value": "12.2.3", "version_affected": "="}, {"version_value": "12.2.4", "version_affected": "="}, {"version_value": "12.2.5", "version_affected": "="}, {"version_value": "12.2.6", "version_affected": "="}]}, "product_name": "General Ledger"}]}, "vendor_name": "Oracle Corporation"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/99690", "name": "99690", "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1038926", "name": "1038926", "refsource": "SECTRACK"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data."}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-10245", "STATE": "PUBLIC", "ASSIGNER": "[email protected]"}}}}, "cveMetadata": {"cveId": "CVE-2017-10245", "state": "PUBLISHED", "dateUpdated": "2024-10-04T17:05:14.745Z", "dateReserved": "2017-06-21T00:00:00", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2017-08-08T15:00:00", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:general_ledger:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "02272A60-6BE5-4F13-BBC0-242885BA1212", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:general_ledger:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C081521-5324-4B88-88CA-5BB4E8FB46BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:general_ledger:12.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "290F71F8-F430-4F65-A6A6-C3BF3A8F3F01", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:general_ledger:12.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "969B5917-7D01-4900-B49D-F3454FF7CF2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:general_ledger:12.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FF27C478-4091-487B-8B66-D0708445CF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:general_ledger:12.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "24376F3B-FA25-4171-AC58-9214AAD5695B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:general_ledger:12.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "154EBC09-223E-44E7-9441-C5D8A65809FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Oracle General Ledger de Oracle E-Business Suite (subcomponente: Account Hierarchy Manager). Las versiones compatibles que se han visto afectadas son la 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y la 12.2.6. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Oracle General Ledger. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Oracle General Ledger. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "id": "CVE-2017-10245", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-08-08T15:29:07.240", "references": [{"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99690"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99690"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038926"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}