Application: Oracle E-Business Suite
Versions Affected: Oracle E-Business Suite 12.2.3
Vendor: Oracle
Bugs: AUTH BYPASS
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 18.04.2017
Reference: Oracle CPU April 2017
Authors: Alexey Tyurin (ERPScan), Ivan Chalykin (ERPScan)
Class: AUTH BYPASS
Impact: File Downloading
Remotely Exploitable: yes
Locally Exploitable: yes
CVE: CVE-2017-3556
CVSS Base Score v3: 5.3 / 10
CVSS Base Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

| Metric | Value |
|---|---|
| AV: Attack Vector (related exploit range) | Network (N) |
| AC: Attack Complexity (required attack complexity) | Low (L) |
| PR: Privileges Required (level of privileges needed to exploit) | None (N) |
| UI: User Interaction (required user participation) | None (N) |
| S: Scope (change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) |
| C: Impact to Confidentiality | Low (L) |
| I: Impact to Integrity | None (N) |
| A: Impact to Availability | None (N) |
Description: An unauthenticated remote attacker can bypass authorization checks and download files stored in E-Business Suite.
Vulnerable Packages: Oracle E-Business Suite 12.2.3
Solution: To correct this vulnerability, implement Oracle CPU April 2017.
Vulnerable URL:
http://victim_ebs_server/OA_HTML/fndgfm.jsp?mode=download_blob&fid=1&mac=t
This JSP serves files from the system without performing any authorization check. For a successful attack, an attacker needs to enumerate the fid parameter to find file identifiers that exist on the target.
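Because the download request is unauthenticated, the only trace of an attack on an unpatched system is the web server access log, and the enumeration of fid the advisory describes leaves an obvious pattern there: one source address requesting many distinct fid values from fndgfm.jsp in a short time. The following detection script is an added example written for this page, not code from ERPScan or Oracle. It assumes Apache-style combined access log lines (Oracle HTTP Server can be configured to write this format); the sample log lines, IP addresses and file sizes are constructed for the demonstration, and the threshold of five distinct fid values is an arbitrary starting point to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache combined log format: host ident user [time] "request" status bytes
# (the referer and user-agent fields, if present, are ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Endpoint from the advisory; compared case-insensitively because the
# servlet container may accept mixed-case paths.
VULN_PATH = "/OA_HTML/fndgfm.jsp"

# Constructed sample log: 203.0.113.7 walks fid=1..6, 198.51.100.20 fetches
# a single file and then hits an unrelated login page.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2017:10:00:01 +0000] "GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid=1&mac=t HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jan/2017:10:00:02 +0000] "GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid=2&mac=t HTTP/1.1" 200 87
203.0.113.7 - - [10/Jan/2017:10:00:02 +0000] "GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid=3&mac=t HTTP/1.1" 404 -
203.0.113.7 - - [10/Jan/2017:10:00:03 +0000] "GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid=4&mac=t HTTP/1.1" 200 2048
203.0.113.7 - - [10/Jan/2017:10:00:03 +0000] "GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid=5&mac=t HTTP/1.1" 200 9
203.0.113.7 - - [10/Jan/2017:10:00:04 +0000] "GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid=6&mac=t HTTP/1.1" 200 331
198.51.100.20 - - [10/Jan/2017:10:05:00 +0000] "GET /OA_HTML/fndgfm.jsp?mode=download_blob&fid=42&mac=t HTTP/1.1" 200 4096
198.51.100.20 - - [10/Jan/2017:10:05:10 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 302 -
"""


def parse_download_requests(lines):
    """Yield (ip, fid, status, size) for every request to fndgfm.jsp with
    mode=download_blob. Unparseable lines and other endpoints are skipped;
    fid is None when the parameter is absent, size is None when logged as '-'."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("path"))
        if url.path.lower() != VULN_PATH.lower():
            continue
        query = parse_qs(url.query)
        if query.get("mode", [""])[0] != "download_blob":
            continue
        fid = query.get("fid", [None])[0]
        size = m.group("size")
        size = int(size) if size.isdigit() else None
        yield m.group("ip"), fid, int(m.group("status")), size


def find_enumeration(lines, threshold=5):
    """Return {ip: sorted distinct fids} for every source address that
    requested at least `threshold` different fid values: the enumeration
    pattern an attacker needs to locate downloadable files."""
    fids_by_ip = defaultdict(set)
    for ip, fid, _status, _size in parse_download_requests(lines):
        if fid is not None:
            fids_by_ip[ip].add(fid)
    return {ip: sorted(fids) for ip, fids in fids_by_ip.items()
            if len(fids) >= threshold}


def successful_downloads(lines):
    """Return [(ip, fid)] for requests that returned 200 with a non-empty
    body, i.e. the file identifiers that actually yielded data."""
    return [(ip, fid) for ip, fid, status, size in parse_download_requests(lines)
            if status == 200 and size]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, fids in find_enumeration(lines).items():
        print(f"fid enumeration from {ip}: {', '.join(fids)}")
    for ip, fid in successful_downloads(lines):
        print(f"file fid={fid} served to {ip}")
```

Run against the sample, only 203.0.113.7 crosses the threshold, while the single successful request from 198.51.100.20 is still listed by successful_downloads so that, after patching, every file identifier that was served unauthenticated can be reviewed. Lowering the threshold to 1 turns the enumeration check into a plain inventory of all download_blob callers, which is the right setting when you first deploy the patch and want to see whether the endpoint was ever reached from outside.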