Oracle WebCenter Sites Vulnerability in Fusion Middleware Component
CVE-2017-3603

3.1LOW

Key Information:

Vendor
Oracle
Status
Webcenter Sites
Vendor
CVE Published:
24 April 2017

Summary

This vulnerability exists within the Oracle WebCenter Sites component of Oracle Fusion Middleware's Advanced UI. It allows a low-privileged attacker with network access via HTTP to exploit the system and gain unauthorized read access to certain data within Oracle WebCenter Sites. The supported versions affected by this vulnerability include 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0. Proper security measures should be taken to mitigate the risks associated with this vulnerability.

Affected Version(s)

WebCenter Sites 11.1.1.8.0

WebCenter Sites 12.2.1.0.0

WebCenter Sites 12.2.1.1.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97907
vdb-entryx_refsource_BID

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.