Vulnerability in Oracle WebCenter Sites Affects Oracle Fusion Middleware
CVE-2017-3597

5.7MEDIUM

Key Information:

Vendor
Oracle
Status
Webcenter Sites
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware allows low-privileged attackers with network access through HTTP to compromise the platform. This flaw necessitates human interaction from a party other than the attacker to succeed. Once the vulnerability is exploited, it can lead to unauthorized access to sensitive information or complete control over all accessible data within Oracle WebCenter Sites, significantly impacting confidentiality.

Affected Version(s)

WebCenter Sites 11.1.1.8.0

WebCenter Sites 12.2.1.0.0

WebCenter Sites 12.2.1.1.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97904
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.