Oracle WebCenter Sites Vulnerability Exposes Data to Unauthorized Access
CVE-2018-2791

8.2 HIGH

Key Information:

Vendor: Oracle
CVE Published: 19 April 2018

Summary

A vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware can be exploited by an unauthenticated attacker with network access via HTTP. Successful exploitation requires human interaction from a user other than the attacker. It can lead to unauthorized access to sensitive data and may allow the attacker to update, insert, or delete data within Oracle WebCenter Sites, significantly compromising the integrity and confidentiality of the information managed by the system. While the vulnerability resides in WebCenter Sites, the potential consequences may extend to other Oracle products.

Affected Version(s)

WebCenter Sites 11.1.1.8.0

WebCenter Sites 12.2.1.2.0

WebCenter Sites 12.2.1.3.0

EPSS Score

87% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
