Vulnerability in Oracle WebCenter Sites Component of Oracle Fusion Middleware
CVE-2017-3596

7.6HIGH

Key Information:

Vendor

Oracle
Status
Webcenter Sites
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3596?

This vulnerability affects the Oracle WebCenter Sites component within Oracle Fusion Middleware, allowing an attacker with low privileges and network access via HTTP to gain unauthorized access to sensitive data. Successful exploitation may lead to total compromise of accessible data and unauthorized manipulation, including updates, insertions, and deletions. It poses a risk of causing a partial denial of service, affecting the functionality of Oracle WebCenter Sites. Supported affected versions include 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0.

Affected Version(s)

WebCenter Sites 11.1.1.8.0

WebCenter Sites 12.2.1.0.0

WebCenter Sites 12.2.1.1.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97875
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.