Skip to main content

Security Service CVE-2017-10166

LOW
2017-10-19 secalert_us@oracle.com
3.7
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 19, 2017 - 17:29 cve.org
LOW 3.7

DescriptionCVE.org

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

AnalysisAI

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Technical ContextAI

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Affected products include: Oracle Security Service, Oracle Security Service Fmw.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-11058 CRITICAL
9.8 Sep 14

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C

CVE-2020-5360 HIGH
7.5 Dec 16

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. Rated high s

CVE-2018-15769 HIGH
7.5 Nov 16

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series)

CVE-2018-11054 HIGH
7.5 Aug 31

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. Rated high severity (CVSS 7.5)

CVE-2018-2765 HIGH
7.5 Apr 19

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Rated

CVE-2020-14655 MEDIUM
6.5 Jul 15

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API). Rated medium seve

CVE-2018-11056 MEDIUM
6.5 Aug 31

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5

CVE-2020-14530 MEDIUM
5.9 Jul 15

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). Rated medium severit

CVE-2018-11057 MEDIUM
5.9 Aug 31

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Tim

CVE-2018-11055 MEDIUM
5.5 Aug 31

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper

Share

CVE-2017-10166 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy