Oracle E-Business Suite CVE-2017-3337 Remote Security Vulnerability

Oracle E-Business Suite is prone to a remote security vulnerability in Oracle Marketing.

The vulnerability can be exploited over the 'HTTP' protocol. The 'User Interface' sub component is affected.

This vulnerability affects the following supported versions:
12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6

Information

Bugtraq ID: 97767
Class: Unknown
CVE: CVE-2017-3337

Remote: Yes
Local: No
Published: Apr 18 2017 12:00AM
Updated: Apr 22 2017 02:04AM
Credit: Matias Mevied and Gaston Traberg of Onapsis
Vulnerable: Oracle E-Business Suite 12.2.6
Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.1.2
Oracle E-Business Suite 12.1.1
Oracle E-Business Suite 12.2.5
Oracle E-Business Suite 12.2.4
Oracle E-Business Suite 12.1.3

Not Vulnerable:

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

• Oracle Homepage (Oracle)
  
• Oracle Critical Patch Update Advisory - April 2017 (Oracle)
  

Source: www.securityfocus.com