PatchSiren


CVE-2017-3375 Oracle CVE debrief

CVE-2017-3375 is a high-severity Oracle Advanced Outbound Telephony vulnerability in Oracle E-Business Suite. The supplied NVD and Oracle references describe it as remotely reachable over HTTP by an unauthenticated attacker, but successful exploitation requires human interaction from someone other than the attacker. Impact includes unauthorized access to critical data and unauthorized update, insert, or delete access to some accessible data.

Vendor: Oracle
Product: CVE-2017-3375
CVSS: HIGH 8.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Oracle E-Business Suite administrators, application security teams, and patch-management owners responsible for Advanced Outbound Telephony deployments, especially where the UI is reachable over network paths.

Technical summary

NVD lists CVSS v3.0 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N, which matches a network-reachable issue that still depends on user interaction. The affected Oracle Advanced Outbound Telephony versions listed in the source corpus are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6. NVD also marks the weakness as NVD-CWE-noinfo, so the record does not provide a specific CWE classification.

Defensive priority

High

Recommended defensive actions

  • Apply the Oracle CPU January 2017 remediation referenced in the supplied Oracle advisory for all affected Advanced Outbound Telephony versions.
  • Inventory Oracle E-Business Suite instances to confirm whether Advanced Outbound Telephony is deployed on any of the affected versions listed by NVD.
  • Restrict network access to the E-Business Suite UI and related HTTP endpoints to trusted administrative paths only.
  • Reduce user-interaction risk with targeted awareness and operational controls for users who can access the affected UI.
  • Validate remediation against Oracle guidance and monitor for unusual HTTP/UI access patterns after patching.

Evidence notes

Timing context is taken from the supplied CVE publishedAt value of 2017-01-27T22:59:06.180Z. The 2026-05-13 modified timestamp reflects NVD record maintenance, not a new disclosure date. All impact and exposure statements above are limited to the supplied CVE description, NVD metadata, and the Oracle advisory reference included in the corpus.

Official resources

Publicly disclosed in the Oracle/NVD record on 2017-01-27; this debrief uses the supplied published date as the issue date and treats later modified timestamps as record updates only.