Skip to main content

Tuxedo CVE-2017-10266

MEDIUM
Information Exposure (CWE-200)
2017-11-14 secalert_us@oracle.com
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 14, 2017 - 23:29 cve.org
MEDIUM 5.3

DescriptionCVE.org

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

AnalysisAI

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Affected products include: Oracle Tuxedo.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Tuxedo

View all
CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2022-23305 CRITICAL
9.8 Jan 18

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be

CVE-2019-0227 HIGH POC
7.5 May 01

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2

CVE-2017-10269 CRITICAL
10.0 Nov 14

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated critical severity (

CVE-2017-10272 CRITICAL
9.9 Nov 14

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated critical severity (

CVE-2022-23307 HIGH
8.8 Jan 18

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Rated high severity (CVSS 8.8), th

CVE-2022-23302 HIGH
8.8 Jan 18

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write acce

CVE-2015-3197 MEDIUM
5.9 Feb 15

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which mak

CVE-2018-5407 MEDIUM POC
4.7 Nov 15

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks

CVE-2018-3007 HIGH
8.6 Jul 18

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated high severity (CVSS

CVE-2017-10267 HIGH
7.5 Nov 14

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Rated high severity (CVSS

CVE-2017-10278 HIGH
7.0 Nov 14

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Rated high severity (

Share

CVE-2017-10266 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy