PatchSiren cyber security CVE debrief
CVE-2017-3414 Oracle CVE debrief
CVE-2017-3414 is a high-severity Oracle E-Business Suite vulnerability in the Advanced Outbound Telephony user interface. Oracle’s description says an unauthenticated attacker with network access over HTTP can exploit the issue, but successful attacks require human interaction from someone other than the attacker. The affected releases listed by NVD are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6. Oracle and NVD indicate the issue can lead to unauthorized access to critical data or to unauthorized read/write access to some accessible data.
- Vendor: Oracle
- Product: CVE-2017-3414
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-27
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-27
- Advisory updated: 2026-05-13
Who should care
Oracle E-Business Suite administrators, application security teams, and IT owners responsible for Oracle Advanced Outbound Telephony deployments should prioritize this issue, especially if the affected EBS versions are internet-reachable or exposed to broad internal network access. Because exploitation is network-based and unauthenticated, perimeter-facing review is important even though user interaction is also required.
Technical summary
NVD classifies the vulnerability with CVSS v3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N and a base score of 8.2. The affected component is Oracle Advanced Outbound Telephony, subcomponent User Interface, within Oracle E-Business Suite. The official record lists no specific CWE detail beyond NVD-CWE-noinfo. The impact described by Oracle includes confidentiality and integrity compromise, including unauthorized access to critical data and unauthorized update, insert, or delete access to some accessible data.
Defensive priority
High. This is a network-exploitable, unauthenticated issue that can affect sensitive Oracle E-Business Suite data, even though user interaction is required. Organizations running impacted versions should treat it as a priority patching and exposure-reduction item.
Recommended defensive actions
- Confirm whether Oracle E-Business Suite Advanced Outbound Telephony is deployed and whether any instance is on an affected version.
- Apply Oracle’s security update or vendor guidance for the January 2017 CPU referenced in the official advisory.
- Restrict network exposure to Oracle E-Business Suite interfaces, especially HTTP-accessible paths, until remediation is complete.
- Review access logs and application activity for unexpected interaction with the Advanced Outbound Telephony UI.
- Validate that compensating controls such as network segmentation and least-privilege access are in place for sensitive EBS data.
- Track Oracle advisory and NVD updates for any revision to affected versions or impact details.
Evidence notes
Claims in this brief are limited to the NVD record and Oracle advisory references provided in the source corpus. Timing context uses the CVE published date of 2017-01-27T22:59:07.397Z and modified date of 2026-05-13T00:24:29.033Z as supplied. No exploit method, proof-of-concept, or unsupported environmental assumptions are included.
Official resources
- CVE-2017-3414 CVE record (CVE.org)
- CVE-2017-3414 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Source reference: Public CVE disclosed by Oracle and recorded by NVD on 2017-01-27. This summary is based only on the supplied official vulnerability record and referenced vendor advisory metadata.