Oracle WebCenter Content Vulnerability in Oracle Fusion Middleware
CVE-2018-2828

8.2HIGH

Key Information:

Vendor
Oracle
Status
Webcenter Content
Vendor
CVE Published:
19 April 2018

Summary

This vulnerability exists in the Oracle WebCenter Content component of Oracle Fusion Middleware, specifically within the Content Server. It allows low-privileged attackers with network access via HTTP to exploit the system, leading to potential unauthorized access to sensitive data. The attack process necessitates human interaction, which introduces a unique attack vector. Despite the vulnerability being localized within Oracle WebCenter Content, it poses risks to connected systems, as successful exploitation may enable unauthorized modifications, deletions, and could lead to a partial denial of service. Consequently, this vulnerability presents substantial risks to the integrity and confidentiality of accessible data across the affected versions.

Affected Version(s)

WebCenter Content 11.1.1.9.0

WebCenter Content 12.2.1.2.0

WebCenter Content 12.2.1.3.0

References

http://www.securitytracker.com/id/1040695
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/103797
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.