PatchSiren

CVE-2017-3411 Oracle CVE debrief

CVE-2017-3411 is a high-severity Oracle Advanced Outbound Telephony vulnerability in Oracle E-Business Suite. According to NVD, it is remotely reachable over HTTP, requires no authentication, but does require user interaction. The affected versions listed in the record are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6. Successful exploitation can expose sensitive data and allow unauthorized modification of some accessible data.

Vendor: Oracle
Product: CVE-2017-3411
CVSS: HIGH 8.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Oracle E-Business Suite administrators, application security teams, and defenders responsible for Oracle Advanced Outbound Telephony deployments on the affected versions should treat this as a high-priority review item, especially where the service is reachable from networks used by untrusted users.

Technical summary

NVD lists CVE-2017-3411 with CVSS v3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N, indicating network attack surface, low attack complexity, no privileges required, and user interaction required. The record identifies Oracle Advanced Outbound Telephony (User Interface subcomponent) as the affected component and marks the weakness as NVD-CWE-noinfo. The vulnerability is described as allowing unauthorized access to critical data and unauthorized insert/update/delete access to some accessible data.

Defensive priority

High. The combination of network reachability, no authentication requirement, and meaningful confidentiality/integrity impact justifies prompt validation of exposure and remediation on affected Oracle E-Business Suite instances.

Recommended defensive actions

  • Inventory Oracle E-Business Suite instances using Advanced Outbound Telephony and confirm whether they match an affected version listed in the record.
  • Check whether the component is reachable from untrusted networks and restrict access where possible.
  • Apply the relevant Oracle security guidance referenced by the vendor advisory link in the CVE record.
  • Monitor for abnormal access or unexpected data access/modification activity involving Advanced Outbound Telephony.
  • Use the official NVD and CVE records to track the vulnerability status and any updated references.

Evidence notes

This debrief is based only on the supplied CVE/NVD corpus. The CVE was published on 2017-01-27T22:59:07.303Z and the NVD record was modified on 2026-05-13T00:24:29.033Z. The source corpus includes Oracle CPU January 2017 as a vendor advisory reference and SecurityFocus BID 95531 as an additional reference. No exploit details beyond the published CVE/NVD description were used.

Official resources

Publicly disclosed on 2017-01-27 per the supplied CVE publication timestamp.