Critical severity9.8NVD Advisory· Published Apr 24, 2017· Updated May 13, 2026

CVE-2017-3234

Description

Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via SFT to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected products

Oracle Corporation/Automatic Service Request
cpe:2.3:a:oracle:automatic_service_request:*:*:*:*:*:*:*:*
Range: <=5.5.1
Oracle Corporation/Automatic Service Request (ASR)v5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/97794nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000