Description
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97720
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038297
Scores
CVSS v3
7.5
EPSS
0.0187
EPSS Percentile
83.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
Status
published
Products (6)
oracle/enterprise_manager_base_platform
12.1.0
oracle/enterprise_manager_base_platform
13.1.0
oracle/enterprise_manager_base_platform
13.2.0
Oracle Corporation/Enterprise Manager Base Platform
12.1.0
Oracle Corporation/Enterprise Manager Base Platform
13.1.0
Oracle Corporation/Enterprise Manager Base Platform
13.2.0
Published
Apr 24, 2017
Tracked Since
Feb 18, 2026