Vulnerability in Oracle WebCenter Sites Component of Oracle Fusion Middleware
CVE-2018-3238

6.9MEDIUM

Key Information:

Vendor: Oracle
Status: Webcenter Sites
Vendor: CVE Published:; 17 October 2018

Summary

An access control vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware. An attacker with high privileges and network access via HTTP can exploit this flaw, requiring human interaction from another individual to successfully breach the system. While the vulnerability is specific to Oracle WebCenter Sites, successful exploitation can lead to unauthorized access to sensitive and critical data, as well as the ability to update, insert, or delete data within the system. This situation may arise from insufficient access controls, making it crucial for organizations using this software to evaluate their exposure and take appropriate security measures.

Affected Version(s)

WebCenter Sites 11.1.1.8.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105640

vdb-entryx_refsource_BID

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 15, 2017