PatchSiren cyber security CVE debrief
CVE-2017-3275 Oracle CVE debrief
CVE-2017-3275 is a high-severity Oracle Email Center issue in Oracle E-Business Suite. Oracle’s published description says an unauthenticated attacker with network access via HTTP can compromise the component, but successful exploitation requires human interaction by someone other than the attacker. Oracle also notes the impact may extend beyond Email Center itself.
- Vendor: Oracle
- Product: CVE-2017-3275
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-27
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-27
- Advisory updated: 2026-05-13
Who should care
Organizations running Oracle E-Business Suite releases that include Email Center should care most, especially teams responsible for application security, patching, and user-facing workflow controls. Security operations teams should also treat this as relevant because exploitation is network-reachable and can affect sensitive business data.
Technical summary
NVD describes this issue with CVSS 3.0 vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (score 8.2). The affected Oracle Email Center versions listed in the CVE record are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6. The record indicates confidentiality is the primary concern, with integrity impact also present, and the weakness classification is NVD-CWE-noinfo.
Defensive priority
High priority. The issue is network-reachable, does not require authentication, and can expose critical data or permit limited data modification. The user-interaction requirement reduces ease of exploitation, but it does not remove the need for prompt review and remediation.
Recommended defensive actions
- Confirm whether Oracle Email Center is deployed in any Oracle E-Business Suite environment matching the affected versions listed in the CVE record.
- Review the Oracle January 2017 Critical Patch Update advisory referenced by NVD and apply Oracle’s remediation guidance for the affected product line.
- Reduce exposure of the Email Center interface to only required networks and users, and limit HTTP access where operationally feasible.
- Monitor for unusual Email Center traffic, unexpected user interactions, and signs of unauthorized data access or modification.
- After remediation, validate that the affected E-Business Suite environments are functioning normally and that access controls still match business requirements.
Evidence notes
This debrief is based on the published CVE record and the NVD entry for CVE-2017-3275. The CVE was published on 2017-01-27 and the NVD record was modified on 2026-05-13. The source corpus identifies Oracle as the vendor, Oracle Email Center as the affected product/component, and cites Oracle’s January 2017 CPU advisory as the vendor reference.
Official resources
- CVE-2017-3275 CVE record (CVE.org)
- CVE-2017-3275 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Source reference
Publicly disclosed in the CVE record on 2017-01-27. This debrief uses the CVE published date as the issue date context; the later 2026-05-13 record modification is not treated as the disclosure date.