Oracle WebCenter Content Vulnerability Exposes Sensitive Data
CVE-2017-3625

8.2HIGH

Key Information:

Vendor

Oracle
Status
Webcenter Content
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3625?

A vulnerability exists in the Oracle WebCenter Content component, allowing an unauthenticated attacker with network access via HTTP to exploit the system. While exploiting this flaw requires human interaction, successful attacks can lead to unauthorized access to critical data, including the ability to read, update, insert, or delete accessible data within Oracle WebCenter Content. Given the sensitive nature of the information that could be compromised, organizations utilizing affected versions should prioritize remediation to safeguard their data.

Affected Version(s)

WebCenter Content 11.1.1.7

WebCenter Content 11.1.1.9

WebCenter Content 12.2.1.0

References

http://www.securitytracker.com/id/1038291
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97769
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-3625 : Oracle WebCenter Content Vulnerability Exposes Sensitive Data