CVE-2017-1178 Exploitation of this vulnerability requires that the user be logged into Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or application with an insecure communication channel can exploit this vulnerability.

CVE-2017-1179 Exploitation of this vulnerability requires that the user be logged into Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or application with an insecure communication channel can exploit this vulnerability.

CVE-2017-1180 Exploitation of this vulnerability requires that the user be logged into Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or application with an insecure communication channel can exploit this vulnerability.

CVE-2017-1181 Exploitation of this vulnerability requires that the user be logged into Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or application with an insecure communication channel can exploit this vulnerability.

CVE-2017-1182 Exploitation of this vulnerability requires that the user be logged into Oracle Communications Billing and Revenue Management

Potential Impact of CVSS Severity

CVSS scores are based on a scale from 0 to 10, with higher scores generally equating to a more severe risk.
A CVSS score of 3.0 indicates that the vulnerability could be exploited remotely without authentication and potentially result in information disclosure, remote code execution, or denial-of-service conditions.
A CVSS score of 4.0 indicates that the vulnerability could be exploited remotely without authentication and potentially result in information disclosure, remote code execution, or denial-of-service conditions.

Exploitation of this vulnerability requires that the user be logged into Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or application with an insecure communication channel can exploit this vulnerability.

This article talks about the bugs that Oracle released in their billing and revenue management software.

Potential Impact of an exploitable vulnerability

The vulnerabilities that exist in Oracle Communications Billing and Revenue Management allow an unauthenticated, remote attacker to view the entire contents of a mailbox. This can be utilized to gain access to sensitive information such as credit card numbers and social security numbers.

This vulnerability could be exploited by an unauthorized user to perform some form of malicious activity on behalf of the vulnerable application or by an authorized user if they knew how to do it. The vulnerability was also found in software other than Oracle Communications Billing and Revenue Management, so it is not limited to that one application.

Timeline

Published on: 01/19/2022 12:15:00 UTC
Last modified on: 01/21/2022 22:28:00 UTC
