VAR-201701-0882
Vulnerability from variot - Updated: 2025-04-20 23:05

Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle XML Gateway. Successful attacks require human interaction from a person other than the attacker, and while the vulnerability is in Oracle XML Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML Gateway accessible data, as well as unauthorized update, insert or delete access to some of Oracle XML Gateway accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). The vulnerability can be exploited over the 'HTTP' protocol. Oracle E-Business Suite provides functions such as customer relationship management, service management, and financial management.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0882",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "12.2.6"
},
{
"model": "xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "xml gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.2.6"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "xml gateway",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "95602"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
},
{
"db": "NVD",
"id": "CVE-2017-3303"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:e-business_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:xml_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "95602"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3303",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-3303",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-111506",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-3303",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3303",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-3303",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-659",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-111506",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-3303",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111506"
},
{
"db": "VULMON",
"id": "CVE-2017-3303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
},
{
"db": "NVD",
"id": "CVE-2017-3303"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle XML Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle XML Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML Gateway accessible data as well as unauthorized update, insert or delete access to some of Oracle XML Gateway accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The software provides functions such as customer relationship management, service management, and financial management",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"db": "BID",
"id": "95602"
},
{
"db": "VULHUB",
"id": "VHN-111506"
},
{
"db": "VULMON",
"id": "CVE-2017-3303"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3303",
"trust": 2.9
},
{
"db": "BID",
"id": "95602",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1037639",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-659",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-111506",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3303",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111506"
},
{
"db": "VULMON",
"id": "CVE-2017-3303"
},
{
"db": "BID",
"id": "95602"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
},
{
"db": "NVD",
"id": "CVE-2017-3303"
}
]
},
"id": "VAR-201701-0882",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111506"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:05:46.524000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - January 2017",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2017 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017verbose-2881728.html"
},
{
"title": "Oracle E-Business Suite Oracle XML Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67254"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111506"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"db": "NVD",
"id": "CVE-2017-3303"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/95602"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1037639"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3303"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3303"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52342"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111506"
},
{
"db": "VULMON",
"id": "CVE-2017-3303"
},
{
"db": "BID",
"id": "95602"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
},
{
"db": "NVD",
"id": "CVE-2017-3303"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-111506"
},
{
"db": "VULMON",
"id": "CVE-2017-3303"
},
{
"db": "BID",
"id": "95602"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
},
{
"db": "NVD",
"id": "CVE-2017-3303"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-27T00:00:00",
"db": "VULHUB",
"id": "VHN-111506"
},
{
"date": "2017-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3303"
},
{
"date": "2017-01-17T00:00:00",
"db": "BID",
"id": "95602"
},
{
"date": "2017-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"date": "2017-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-659"
},
{
"date": "2017-01-27T22:59:04.257000",
"db": "NVD",
"id": "CVE-2017-3303"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-111506"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3303"
},
{
"date": "2017-01-23T01:09:00",
"db": "BID",
"id": "95602"
},
{
"date": "2017-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001279"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-659"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3303"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle E-Business Suite of Oracle XML Gateway In Oracle Transport Agent Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001279"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-659"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.