CVE-2017-3382 in E-Business Suite

Summary

by MITRE

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).


Analysis

by VulDB Data Team • 05/16/2026

The vulnerability identified as CVE-2017-3382 resides within the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite, specifically affecting the User Interface subcomponent. This vulnerability represents a significant security weakness that impacts multiple versions including 12.1.1 through 12.2.6, making it a widespread concern across various Oracle E-Business Suite deployments. The vulnerability classification aligns with CWE-287, which addresses improper authentication issues, and can be mapped to ATT&CK technique T1190 for exploiting vulnerabilities in web applications.

The technical flaw manifests as an easily exploitable vulnerability that allows unauthenticated attackers to compromise the Oracle Advanced Outbound Telephony component through HTTP network access. This weakness enables attackers to gain unauthorized access to critical data and complete access to all data within the vulnerable component. The vulnerability requires human interaction from individuals other than the attacker, suggesting it may involve social engineering elements or user interaction with malicious payloads. The attack vector specifically targets the HTTP protocol, indicating the vulnerability exists within web-facing interfaces that process HTTP requests without proper authentication mechanisms.

The operational impact of this vulnerability extends beyond the immediate Oracle Advanced Outbound Telephony component, potentially affecting additional products within the Oracle E-Business Suite ecosystem. Successful exploitation can result in unauthorized access to sensitive data, complete access to all accessible data, and unauthorized modification capabilities including update, insert, and delete operations on the affected systems. This comprehensive access level represents a critical security risk that could lead to data breaches, data manipulation, and potential business disruption. The CVSS v3.0 base score of 8.2 indicates high severity with significant impacts to both confidentiality and integrity, reflecting the potential for substantial data compromise and system manipulation.

Organizations affected by CVE-2017-3382 should implement immediate mitigations including applying Oracle's security patches and updates, implementing network segmentation to limit access to vulnerable components, and strengthening authentication mechanisms. The vulnerability demonstrates the importance of proper access controls and authentication validation in web applications, particularly those handling sensitive business data. Security teams should conduct comprehensive assessments of their Oracle E-Business Suite deployments to identify and remediate similar vulnerabilities. Network monitoring should be enhanced to detect suspicious HTTP traffic patterns that may indicate exploitation attempts, while access controls should be reviewed to ensure least privilege principles are maintained across all system components.

Reservation

12/06/2016

Disclosure

01/27/2017

Moderation

accepted

Entry

VDB-96176

CPE

ready

EPSS

0.00973

KEV

no

Activities

very low

Sources
