CVE-2017-3502 - Vulnerability Details - OpenCVE

Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Oracle	Peoplesoft Enterprise Fin Receivables

Configuration 1 [-]

cpe:2.3:a:oracle:peoplesoft_enterprise_fin_receivables:9.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
http://www.securityfocus.com/bid/97897
http://www.securitytracker.com/id/1038301

History

Mon, 07 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2017-04-24T19:00:00

Updated: 2024-10-04T19:26:32.060Z

Reserved: 2016-12-06T00:00:00

Link: CVE-2017-3502

Vulnrichment

Updated: 2024-08-05T14:30:57.505Z

NVD

Status : Deferred

Published: 2017-04-24T19:59:02.877

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-3502

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PeopleSoft Enterprise FIN Receivables", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "9.2"}]}], "datePublic": "2017-04-18T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."}], "problemTypes": [{"descriptions": [{"description": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T09:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"name": "1038301", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038301"}, {"name": "97897", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97897"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-3502", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PeopleSoft Enterprise FIN Receivables", "version": {"version_data": [{"version_affected": "=", "version_value": "9.2"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data."}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"name": "1038301", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038301"}, {"name": "97897", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97897"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:30:57.505Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"name": "1038301", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038301"}, {"name": "97897", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97897"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T16:20:18.289526Z", "id": "CVE-2017-3502", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T19:26:32.060Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-3502", "datePublished": "2017-04-24T19:00:00", "dateReserved": "2016-12-06T00:00:00", "dateUpdated": "2024-10-04T19:26:32.060Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1038301", "name": "1038301", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/97897", "name": "97897", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:30:57.505Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-3502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-04T16:20:18.289526Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T16:20:49.974Z"}}], "cna": {"affected": [{"vendor": "Oracle Corporation", "product": "PeopleSoft Enterprise FIN Receivables", "versions": [{"status": "affected", "version": "9.2"}]}], "datePublic": "2017-04-18T00:00:00", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securitytracker.com/id/1038301", "name": "1038301", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://www.securityfocus.com/bid/97897", "name": "97897", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data."}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2017-07-10T09:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "9.2", "version_affected": "="}]}, "product_name": "PeopleSoft Enterprise FIN Receivables"}]}, "vendor_name": "Oracle Corporation"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1038301", "name": "1038301", "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/97897", "name": "97897", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data."}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-3502", "STATE": "PUBLIC", "ASSIGNER": "[email protected]"}}}}, "cveMetadata": {"cveId": "CVE-2017-3502", "state": "PUBLISHED", "dateUpdated": "2024-10-04T19:26:32.060Z", "dateReserved": "2016-12-06T00:00:00", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2017-04-24T19:00:00", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_receivables:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "94D16F65-CAFD-4672-B8EE-12B710740771", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise FIN Receivables component of Oracle PeopleSoft Products (subcomponent: Receivables). The supported version that is affected is 9.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Receivables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Receivables accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el componente PeopleSoft Enterprise FIN Receivables de Oracle PeopleSoft Products (subcomponente: Receivables). La versi\u00f3n soportada afectada es 9.2. Vulnerabilidad f\u00e1cil explotable permite a un atacante autenticado con acceso a la red a trav\u00e9s de HTTP comprometer a PeopleSoft Enterprise FIN Receivables. Los ataques exitosos de esta vulnerabilidad pueden provocar la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n de acceso no autorizados a algunos de los datos accesibles de PeopleSoft Enterprise FIN Receivables. CVSS 3.0 Base Score 5.3 (Integrity impacts). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."}], "id": "CVE-2017-3502", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-04-24T19:59:02.877", "references": [{"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97897"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id/1038301"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97897"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038301"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}