CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
27.9%
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion
Middleware (subcomponent: Security). Supported versions that are affected
are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows
unauthenticated attacker with network access via LDAP to compromise Oracle
GlassFish Server. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of Oracle GlassFish
Server accessible data as well as unauthorized read access to a subset of
Oracle GlassFish Server accessible data and unauthorized ability to cause a
partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS
v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).
www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml
www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixFMW
launchpad.net/bugs/cve/CVE-2017-3249
nvd.nist.gov/vuln/detail/CVE-2017-3249
security-tracker.debian.org/tracker/CVE-2017-3249
www.cve.org/CVERecord?id=CVE-2017-3249
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
27.9%