Vulnerability in Oracle WebCenter Sites Component of Oracle Fusion Middleware
CVE-2018-2584

4.3MEDIUM

Key Information:

Vendor

Oracle
Status
Webcenter Sites
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2584?

An unauthorized access vulnerability exists within the Advanced UI component of Oracle WebCenter Sites in Oracle Fusion Middleware. This flaw can be exploited by a low-privileged attacker who has network access via HTTP. Exploiting this vulnerability allows unauthorized read access to certain data within Oracle WebCenter Sites, potentially compromising sensitive information.

Affected Version(s)

WebCenter Sites 11.1.1.8.0

References

http://www.securityfocus.com/bid/102573
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040207
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-2584 : Vulnerability in Oracle WebCenter Sites Component of Oracle Fusion Middleware