Sign-up

ID

VAR-201708-0670


CVE

CVE-2017-10069


TITLE

Oracle Hospitality Applications of Oracle Payment Interface In Core Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-006358

DESCRIPTION

Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). The vulnerability can be exploited over the 'HTTP' protocol. This solution provides functions such as human resource cost management, tracking management of customer service throughout the journey to improve customer satisfaction, etc

Trust: 2.07

sources: NVD: CVE-2017-10069 // JVNDB: JVNDB-2017-006358 // BID: 99721 // VULHUB: VHN-100354 // VULMON: CVE-2017-10069

AFFECTED PRODUCTS

vendor:oraclemodel:payment interfacescope:eqversion:6.1.1

Trust: 2.1

vendor:oraclemodel:payment gateway servicesscope:eqversion:6.1.1

Trust: 0.6

sources: BID: 99721 // JVNDB: JVNDB-2017-006358 // CNNVD: CNNVD-201707-1454 // NVD: CVE-2017-10069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10069
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10069
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-1454
value: MEDIUM

Trust: 0.6

VULHUB: VHN-100354
value: LOW

Trust: 0.1

VULMON: CVE-2017-10069
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-10069
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-100354
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10069
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-10069
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-100354 // VULMON: CVE-2017-10069 // JVNDB: JVNDB-2017-006358 // CNNVD: CNNVD-201707-1454 // NVD: CVE-2017-10069

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-100354 // JVNDB: JVNDB-2017-006358 // NVD: CVE-2017-10069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1454

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201707-1454

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006358

PATCH
title:Oracle Critical Patch Update Advisory - July 2017url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - July 2017 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html
Trust: 0.8
title:Oracle Payment Interface Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74442
Trust: 0.6
title:Oracle: Oracle Critical Patch Update Advisory - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-10069 // 
            
            
            
            JVNDB: JVNDB-2017-006358 // 
            
            
            
            CNNVD: CNNVD-201707-1454

EXTERNAL IDS
db:NVDid:CVE-2017-10069
Trust: 2.9
db:BIDid:99721
Trust: 2.1
db:SECTRACKid:1038941
Trust: 1.8
db:JVNDBid:JVNDB-2017-006358
Trust: 0.8
db:CNNVDid:CNNVD-201707-1454
Trust: 0.7
db:VULHUBid:VHN-100354
Trust: 0.1
db:VULMONid:CVE-2017-10069
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100354 // 
            
            
            
            VULMON: CVE-2017-10069 // 
            
            
            
            BID: 99721 // 
            
            
            
            JVNDB: JVNDB-2017-006358 // 
            
            
            
            CNNVD: CNNVD-201707-1454 // 
            
            
            
            NVD: CVE-2017-10069

REFERENCES
url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Trust: 2.2
url:http://www.securityfocus.com/bid/99721
Trust: 1.9
url:http://www.securitytracker.com/id/1038941
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10069
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10069
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100354 // 
            
            
            
            VULMON: CVE-2017-10069 // 
            
            
            
            BID: 99721 // 
            
            
            
            JVNDB: JVNDB-2017-006358 // 
            
            
            
            CNNVD: CNNVD-201707-1454 // 
            
            
            
            NVD: CVE-2017-10069

CREDITS
Oracle
Trust: 0.9
sources:
            
            
            BID: 99721 // 
            
            
            
            CNNVD: CNNVD-201707-1454

SOURCES
db:VULHUBid:VHN-100354
db:VULMONid:CVE-2017-10069
db:BIDid:99721
db:JVNDBid:JVNDB-2017-006358
db:CNNVDid:CNNVD-201707-1454
db:NVDid:CVE-2017-10069

LAST UPDATE DATE
2024-11-23T21:00:00.661000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-100354date:2019-10-31T00:00:00
db:VULMONid:CVE-2017-10069date:2019-10-31T00:00:00
db:BIDid:99721date:2017-07-18T00:00:00
db:JVNDBid:JVNDB-2017-006358date:2017-08-24T00:00:00
db:CNNVDid:CNNVD-201707-1454date:2019-10-23T00:00:00
db:NVDid:CVE-2017-10069date:2024-11-21T03:05:17.710

SOURCES RELEASE DATE
db:VULHUBid:VHN-100354date:2017-08-08T00:00:00
db:VULMONid:CVE-2017-10069date:2017-08-08T00:00:00
db:BIDid:99721date:2017-07-18T00:00:00
db:JVNDBid:JVNDB-2017-006358date:2017-08-24T00:00:00
db:CNNVDid:CNNVD-201707-1454date:2017-07-18T00:00:00
db:NVDid:CVE-2017-10069date:2017-08-08T15:29:02.130