CVE-2017-10173
MEDIUMOracle Retail Open Commerce Platform <6.2 - Unauthenticated RCE
Title source: llmDescription
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. While the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).
Scores
CVSS v3
5.8
EPSS
0.0177
EPSS Percentile
82.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Details
Status
published
Products (16)
oracle/retail_open_commerce_platform_cloud_service
oracle/retail_open_commerce_platform_cloud_service
oracle/retail_open_commerce_platform_cloud_service
oracle/retail_open_commerce_platform_cloud_service
oracle/retail_open_commerce_platform_cloud_service
oracle/retail_open_commerce_platform_cloud_service
oracle/retail_open_commerce_platform_cloud_service
oracle/retail_open_commerce_platform_cloud_service
Oracle Corporation/Retail Open Commerce Platform Cloud Service
< 5.0
Oracle Corporation/Retail Open Commerce Platform Cloud Service
< 5.1
... and 6 more
Published
Aug 08, 2017
Tracked Since
Feb 18, 2026