CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-3626

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.9%

CVSS Severity

CVSS v3 Score 3.1

CVSS v2 Score 2.6

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
http://www.securityfocus.com/bid/97896
http://www.securitytracker.com/id/1038293
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
http://www.securityfocus.com/bid/97896
http://www.securitytracker.com/id/1038293

Products affected by CVE-2017-3626

Oracle » Glassfish Server » Version: 3.1.2

cpe:2.3:a:oracle:glassfish_server:3.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-3626

Products

Pricing

Contact Us