CVE-2017-10194
LOWOracle Integrated Lights Out Manager Firmware < 3.2.6 - Authenticated Exposure of Sensitive Information via HTTP
Title source: llmDescription
Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101445
Scores
CVSS v3
2.7
EPSS
0.0022
EPSS Percentile
43.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (2)
oracle/integrated_lights_out_manager_firmware
< 3.2.5
Oracle Corporation/SSM - (hot-tamale) ILOM: Integrated Lights Out Manager
unspecified - 3.2.6
Published
Oct 19, 2017
Tracked Since
Feb 18, 2026