Oracle E-Business Suite SQL injection (CVE-2017-3549)

Description

Oracle EBS iesfootprint script is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the OEBS database server.

Remediation

Upgrade to the latest version of Oracle E-Business Suite

References

[ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT

Related Vulnerabilities

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)

Werkzeug WSGI Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-14322)

MySQL CVE-2021-2299 Vulnerability (CVE-2021-2299)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3724)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0057)

Severity

High

Classification

CVE-2017-3549 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N