Vulnerability in Oracle WebCenter Portal Affects Fusion Middleware
CVE-2018-2713

8.2HIGH

Key Information:

Vendor
Oracle
Status
Webcenter Portal
Vendor
CVE Published:
18 January 2018

Summary

The vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to compromise the portal. This exploit requires human interaction from an individual other than the attacker. While the main impact is on Oracle WebCenter Portal, the ramifications may extend to other products, allowing unauthorized creation, deletion, or modification access to critical data. Additionally, attackers could gain unauthorized read access to certain subsets of data within the Oracle WebCenter Portal. The supported versions affected include 11.1.1.9.0, 12.2.1.2.0, and 12.2.1.3.0.

Affected Version(s)

WebCenter Portal 11.1.1.9.0

WebCenter Portal 12.2.1.2.0

WebCenter Portal 12.2.1.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040207
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102550
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.