Vulnerability in Oracle WebCenter Sites Component of Oracle Fusion Middleware
CVE-2017-3602

8.1HIGH

Key Information:

Vendor
Oracle
Status
Webcenter Sites
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware, specifically within the Advanced UI. This security flaw allows attackers with low privileges and network access to exploit the system via HTTP. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data within Oracle WebCenter Sites. Moreover, this vulnerability may result in complete unauthorized access to all data accessible by the application, endangering the confidentiality and integrity of sensitive information.

Affected Version(s)

WebCenter Sites 11.1.1.8.0

WebCenter Sites 12.2.1.0.0

WebCenter Sites 12.2.1.1.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97823
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.