Exploitable Vulnerability in Oracle WebCenter Portal by Oracle
CVE-2018-3254

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Webcenter Portal
Vendor: CVE Published:; 17 October 2018

What is CVE-2018-3254?

The vulnerability in the Oracle WebCenter Portal component allows an unauthenticated attacker with network access via HTTP to compromise the Portal. This flaw can lead to unauthorized read access to a subset of data within the Oracle WebCenter Portal, potentially jeopardizing sensitive information. Affected versions include Oracle WebCenter Portal 11.1.1.9.0 and 12.2.1.3.0.

Affected Version(s)

WebCenter Portal 11.1.1.9.0

WebCenter Portal 12.2.1.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105649

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 15, 2017