PatchSiren cyber security CVE debrief

CVE-2017-3362 Oracle CVE debrief

CVE-2017-3362 is a high-severity Oracle Knowledge Management vulnerability in Oracle E-Business Suite's User Interface subcomponent. According to the CVE record, it is easily exploitable over HTTP by an unauthenticated attacker, but successful exploitation requires human interaction from someone other than the attacker. The reported impact is primarily on confidentiality and integrity, including unauthorized access to critical data and the ability to update, insert, or delete some accessible data.

Vendor: Oracle
Product: CVE-2017-3362
CVSS: HIGH 8.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Organizations running Oracle E-Business Suite 12.1.1, 12.1.2, or 12.1.3 with Oracle Knowledge Management exposed to network access should prioritize this. Security teams, application owners, and administrators responsible for Oracle patching and user-facing workflow controls are the primary audience.

Technical summary

The CVE describes a vulnerability in Oracle Knowledge Management (User Interface) affecting versions 12.1.1, 12.1.2, and 12.1.3. The NVD vector indicates a network attack vector over HTTP, low attack complexity, no privileges required, user interaction required, and a changed scope (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). The described outcomes are unauthorized access to critical data (high confidentiality impact) and unauthorized modification of some accessible data (low integrity impact), with no availability impact. The vendor advisory referenced by NVD is Oracle CPU Jan 2017.

Defensive priority

High. The issue is network-reachable, unauthenticated, and can lead to meaningful confidentiality and integrity impact if a user can be induced to interact with the attack path.

Recommended defensive actions

  • Review Oracle CPU January 2017 guidance for CVE-2017-3362 and apply the vendor-recommended patching or mitigation steps.
  • Verify whether Oracle Knowledge Management 12.1.1, 12.1.2, or 12.1.3 is deployed anywhere in the environment, including indirectly exposed instances.
  • Restrict access to the affected Oracle E-Business Suite surfaces to the minimum necessary network paths while remediation is planned.
  • Monitor for unusual user-driven requests or workflow interactions involving Oracle Knowledge Management.
  • Validate that adjacent Oracle E-Business Suite components that depend on or integrate with Knowledge Management are not unintentionally exposed.

Evidence notes

All claims are drawn from the supplied CVE description and NVD metadata. The CVE record states the affected component, versions, attack conditions, and impacts. The NVD metadata provides the CVSS vector and Oracle advisory reference. No exploit details or unverified mitigation specifics are included.

Official resources

Publicly disclosed on 2017-01-27T22:59:05.727Z. NVD last modified this record on 2026-05-13T00:24:29.033Z. The CVE timeline provided here should be used for issue dating; do not infer the vulnerability's creation or review date from later c