CVE-2017-3385 : What You Need to Know
Learn about CVE-2017-3385 affecting Oracle Advanced Outbound Telephony in Oracle E-Business Suite. Discover the impact, affected versions, and mitigation steps.
Oracle Advanced Outbound Telephony in Oracle E-Business Suite is vulnerable to unauthorized access and data compromise.
Understanding CVE-2017-3385
What is CVE-2017-3385?
The vulnerability in Oracle Advanced Outbound Telephony allows attackers to compromise the system via HTTP, potentially leading to unauthorized data access and manipulation.
The Impact of CVE-2017-3385
- CVSS v3.0 Base Score: 8.2 (Confidentiality and Integrity impacts)
- Unauthorized access to critical data
- Complete access to all Oracle Advanced Outbound Telephony data
- Unauthorized update, insert, or delete access to certain data
- Requires human interaction from a different person than the attacker
- Potential impact on other products
Technical Details of CVE-2017-3385
Vulnerability Description
The vulnerability affects Oracle Advanced Outbound Telephony in Oracle E-Business Suite, specifically the User Interface.
Affected Systems and Versions
- Advanced Outbound Telephony versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
Exploitation Mechanism
- Easily exploitable via HTTP
- Requires network access
- Human interaction from a different person than the attacker
Mitigation and Prevention
Immediate Steps to Take
- Apply patches provided by Oracle
- Monitor for any unauthorized access or changes
- Restrict network access to vulnerable systems
Long-Term Security Practices
- Regularly update and patch software
- Conduct security training for employees
- Implement network segmentation and access controls
Patching and Updates
- Oracle released patches to address the vulnerability
- Regularly check for updates and apply them promptly