cvelist/2017/10xxx/CVE-2017-10328.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "secalert_us@oracle.com",
      "ID" : "CVE-2017-10328",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Application Object Library",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_affected" : "=",
                                 "version_value" : "12.1.3"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "12.2.3"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "12.2.4"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "12.2.5"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "12.2.6"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "12.2.7"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Oracle Corporation"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data."
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            "refsource" : "CONFIRM",
            "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
         },
         {
            "name" : "101372",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/101372"
         },
         {
            "name" : "1039592",
            "refsource" : "SECTRACK",
            "url" : "http://www.securitytracker.com/id/1039592"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
- Synchronized data. 2017-10-19 13:07:28 -04:00			`"ASSIGNER" : "secalert_us@oracle.com",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"ID" : "CVE-2017-10328",`
- Synchronized data. 2017-10-19 13:07:28 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
- Synchronized data. 2017-10-20 06:03:56 -04:00			`"product_name" : "Application Object Library",`
- Synchronized data. 2017-10-19 13:07:28 -04:00			`"version" : {`
			`"version_data" : [`
			`{`
- Synchronized data. 2017-10-20 06:03:56 -04:00			`"version_affected" : "=",`
			`"version_value" : "12.1.3"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "12.2.3"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "12.2.4"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "12.2.5"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "12.2.6"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "12.2.7"`
- Synchronized data. 2017-10-19 13:07:28 -04:00			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
- Synchronized data. 2017-10-20 06:03:56 -04:00			`"vendor_name" : "Oracle Corporation"`
- Synchronized data. 2017-10-19 13:07:28 -04:00			`}`
			`]`
			`}`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2017-10-19 13:07:28 -04:00			"value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2017-10-20 06:03:56 -04:00			`"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data."`
- Synchronized data. 2017-10-19 13:07:28 -04:00			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2017-10-19 13:07:28 -04:00			`"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"`
- Synchronized data. 2017-10-20 07:04:28 -04:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "101372",`
			`"refsource" : "BID",`
- Synchronized data. 2017-10-20 07:04:28 -04:00			`"url" : "http://www.securityfocus.com/bid/101372"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "1039592",`
			`"refsource" : "SECTRACK",`
- Synchronized data. 2017-10-20 07:04:28 -04:00			`"url" : "http://www.securitytracker.com/id/1039592"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`