ID

VAR-201704-1093


CVE

CVE-2017-3601


TITLE

Oracle Fusion Middleware of Oracle API Gateway Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2017-003593

DESCRIPTION

Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). The supported version that is affected is 11.1.2.4.0. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle API Gateway accessible data, as well as unauthorized access to critical data or complete access to all Oracle API Gateway accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). The vulnerability can be exploited over the HTTP protocol. Oracle Fusion Middleware is a business innovation platform from Oracle Corporation for enterprise and cloud environments, which provides functions such as middleware and software collections.

Trust: 2.07

sources: NVD: CVE-2017-3601 // JVNDB: JVNDB-2017-003593 // BID: 97817 // VULHUB: VHN-111804 // VULMON: CVE-2017-3601

AFFECTED PRODUCTS

vendor: oracle, model: api gateway, scope: eq, version: 11.1.2.4.0

Trust: 2.7

sources: BID: 97817 // JVNDB: JVNDB-2017-003593 // CNNVD: CNNVD-201704-1197 // NVD: CVE-2017-3601

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3601
value: HIGH

Trust: 1.0

NVD: CVE-2017-3601
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-1197
value: HIGH

Trust: 0.6

VULHUB: VHN-111804
value: HIGH

Trust: 0.1

VULMON: CVE-2017-3601
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3601
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-111804
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3601
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111804 // VULMON: CVE-2017-3601 // JVNDB: JVNDB-2017-003593 // CNNVD: CNNVD-201704-1197 // NVD: CVE-2017-3601

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-111804 // JVNDB: JVNDB-2017-003593 // NVD: CVE-2017-3601

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1197

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-1197

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003593

PATCH

title: Oracle Critical Patch Update Advisory - April 2017
url: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - April 2017 Risk Matrices
url: http://www.oracle.com/technetwork/security-advisory/cpuapr2017verbose-3236619.html

Trust: 0.8

title: Oracle Fusion Middleware Oracle API Gateway Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70710

Trust: 0.6

title: Oracle: Oracle Critical Patch Update Advisory - April 2017
url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87

Trust: 0.1

sources: VULMON: CVE-2017-3601 // JVNDB: JVNDB-2017-003593 // CNNVD: CNNVD-201704-1197

EXTERNAL IDS

db: NVD, id: CVE-2017-3601

Trust: 2.9

db: BID, id: 97817

Trust: 2.1

db: SECTRACK, id: 1038291

Trust: 1.8

db: JVNDB, id: JVNDB-2017-003593

Trust: 0.8

db: CNNVD, id: CNNVD-201704-1197

Trust: 0.7

db: VULHUB, id: VHN-111804

Trust: 0.1

db: VULMON, id: CVE-2017-3601

Trust: 0.1

sources: VULHUB: VHN-111804 // VULMON: CVE-2017-3601 // BID: 97817 // JVNDB: JVNDB-2017-003593 // CNNVD: CNNVD-201704-1197 // NVD: CVE-2017-3601

REFERENCES

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Trust: 2.2

url:http://www.securityfocus.com/bid/97817

Trust: 1.9

url:http://www.securitytracker.com/id/1038291

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3601

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3601

Trust: 0.8

url:http://www.oracle.com/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-111804 // VULMON: CVE-2017-3601 // BID: 97817 // JVNDB: JVNDB-2017-003593 // CNNVD: CNNVD-201704-1197 // NVD: CVE-2017-3601

CREDITS

Oracle

Trust: 0.3

sources: BID: 97817

SOURCES

db: VULHUB, id: VHN-111804
db: VULMON, id: CVE-2017-3601
db: BID, id: 97817
db: JVNDB, id: JVNDB-2017-003593
db: CNNVD, id: CNNVD-201704-1197
db: NVD, id: CVE-2017-3601

LAST UPDATE DATE

2024-11-23T21:41:22.229000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-111804, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2017-3601, date: 2019-10-03T00:00:00
db: BID, id: 97817, date: 2017-05-02T00:05:00
db: JVNDB, id: JVNDB-2017-003593, date: 2017-05-31T00:00:00
db: CNNVD, id: CNNVD-201704-1197, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-3601, date: 2024-11-21T03:25:54.307

SOURCES RELEASE DATE

db: VULHUB, id: VHN-111804, date: 2017-04-24T00:00:00
db: VULMON, id: CVE-2017-3601, date: 2017-04-24T00:00:00
db: BID, id: 97817, date: 2017-04-18T00:00:00
db: JVNDB, id: JVNDB-2017-003593, date: 2017-05-31T00:00:00
db: CNNVD, id: CNNVD-201704-1197, date: 2017-04-24T00:00:00
db: NVD, id: CVE-2017-3601, date: 2017-04-24T19:59:06.037