### [CVE-2017-3278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3278)
![](https://img.shields.io/static/v1?label=Product&message=One-to-One%20Fulfillment&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CVSS%3A3.0%2FAV%3AN%2FAC%3AL%2FPR%3AN%2FUI%3AR%2FS%3AC%2FC%3AH%2FI%3AL%2FA%3AN&color=brighgreen)

### Description

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

#### Github
No PoCs found on GitHub currently.