CVE-2017-3626
Summary
| CVE | CVE-2017-3626 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-24 19:59:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Glassfish Server | 3.1.2 | All | All | All |
| Application | Oracle | Glassfish Server | 3.1.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Sun GlassFish Enterprise Server Flaw in Java Server Faces Lets Remote Users Access Data on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Oracle Critical Patch Update - April 2017 | CONFIRM | www.oracle.com | Patch, Vendor Advisory |
| Oracle GlassFish Server CVE-2017-3626 Remote Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.