CVE-2018-2584

4.3MEDIUM

Key Information:

Vendor
Oracle
Status
Webcenter Sites
Vendor
CVE Published:
18 January 2018

Summary

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Affected Version(s)

WebCenter Sites 11.1.1.8.0

References

http://www.securityfocus.com/bid/102573
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040207
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.