PatchSiren

CVE-2017-3410 Oracle CVE debrief

CVE-2017-3410 is a high-severity Oracle E-Business Suite issue in the Advanced Outbound Telephony user interface. NVD describes it as an easily exploitable, network-reachable HTTP vulnerability that can be triggered by an unauthenticated attacker, but it does require human interaction from someone other than the attacker. Successful exploitation can expose critical data and can also allow unauthorized modification of some Advanced Outbound Telephony data. Oracle’s January 2017 CPU advisory is the vendor reference associated with this issue.

Vendor: Oracle
Product: CVE-2017-3410
CVSS: HIGH 8.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Oracle E-Business Suite administrators, application security teams, SOC analysts, and operations teams responsible for Advanced Outbound Telephony deployments should prioritize this CVE. It is especially relevant for environments that expose the affected UI to untrusted networks or have broad internal access.

Technical summary

The NVD record identifies CVE-2017-3410 in Oracle Advanced Outbound Telephony (Oracle E-Business Suite subcomponent: User Interface) across supported versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6. The published CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N, indicating network access, low attack complexity, no privileges required, required user interaction, changed scope, high confidentiality impact, low integrity impact, and no availability impact. NVD does not assign a specific CWE in the supplied record (NVD-CWE-noinfo).

Defensive priority

High. The vulnerability is network-reachable and unauthenticated, and carries high confidentiality impact and low integrity impact. User interaction reduces immediacy but does not eliminate the need for prompt patching and exposure review.

Recommended defensive actions

  • Review Oracle CPU January 2017 guidance and apply the vendor fix or update path for affected Advanced Outbound Telephony versions.
  • Inventory all Oracle E-Business Suite instances using Advanced Outbound Telephony UI and confirm whether any affected versions are deployed.
  • Restrict network exposure to the UI component wherever possible, especially from untrusted networks.
  • Monitor for unusual user-interaction-driven access patterns and suspicious HTTP requests to the affected interface.
  • Validate that compensating controls and segmentation are in place for systems that cannot be patched immediately.

Evidence notes

All core claims are taken from the supplied NVD record and Oracle vendor reference. The supplied record states the vulnerable product, affected versions, network/HTTP reachability, unauthenticated attack path, required human interaction, impact scope, and CVSS v3.0 vector. Oracle’s January 2017 CPU advisory is listed in NVD references. No exploit code or unsupported mitigation claims are included.

Official resources

CVE published by the source record on 2017-01-27T22:59:07.273Z; NVD record last modified on 2026-05-13T00:24:29.033Z.