Unauthenticated Remote Access Vulnerability in Oracle WebCenter Content by Oracle
CVE-2018-2596

8.2HIGH

Key Information:

Vendor
Oracle
Status
Webcenter Content
Vendor
CVE Published:
18 January 2018

Summary

This vulnerability exists in the Oracle WebCenter Content component of Oracle Fusion Middleware, allowing unauthenticated attackers to exploit the system via HTTP. While the direct impact is on Oracle WebCenter Content, successful exploitation may significantly affect other interconnected products. Attackers can gain unauthorized access to critical data, allowing them to create, delete, or modify information within the content server. In specific scenarios, human interaction from a third party is needed for the exploit to succeed, heightening the risk of unauthorized data disclosure and manipulation.

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040207
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102545
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.