Vulnerability in Oracle WebCenter Sites Affects Oracle Fusion Middleware
CVE-2017-3598

3.1LOW

Key Information:

Vendor
Oracle
Status
Webcenter Sites
Vendor
CVE Published:
24 April 2017

Summary

This vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware allows a low-privileged attacker with network access via HTTP to access certain sensitive data without proper authorization. The affected versions of the product are particularly susceptible due to their configuration and existing permissions. Successful exploitation may lead to unauthorized read access to data, posing significant risks to data confidentiality. Organizations utilizing these versions are encouraged to apply available security patches promptly.

Affected Version(s)

WebCenter Sites 11.1.1.8.0

WebCenter Sites 12.2.1.0.0

WebCenter Sites 12.2.1.1.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97905
vdb-entryx_refsource_BID

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.