Oracle Automatic Service Request CVE-2017-3237 Local Security Vulnerability

Oracle Automatic Service Request is prone to a local security vulnerability in Automatic Service Request (ASR).

The 'ASR Manager' sub component is affected.

This vulnerability affects the following supported versions:
Prior to 5.7

Information

Bugtraq ID: 97789
Class: Unknown
CVE: CVE-2017-3237

Remote: No
Local: Yes
Published: Apr 18 2017 12:00AM
Updated: Apr 19 2017 01:03AM
Credit: Peter Kostiuk of Salesforce.com
Vulnerable: Oracle Automatic Service Request 4.3.2
Oracle Automatic Service Request 4.3.1

Not Vulnerable: Oracle Automatic Service Request (ASR) 5.7

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

Oracle Homepage (Oracle)
Oracle Critical Patch Update Advisory - April 2017 (Oracle)

Source: www.securityfocus.com

Exploit Collector

Search Exploit