Lucene search

OracleCVE-2017-3598

HistoryApr 24, 2017 - 7:59 p.m.

CVE-2017-3598

2017-04-2419:59:05

oracle

web.nvd.nist.gov

cve-2017-3598

oracle

webcenter sites

fusion middleware

vulnerability

unauthorized access

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

30.5%

JSON

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).

Affected configurations

Nvd

Vulners

Node

oraclewebcenter_sitesMatch11.1.1.8.0

oraclewebcenter_sitesMatch12.2.1.0.0

oraclewebcenter_sitesMatch12.2.1.1.0

oraclewebcenter_sitesMatch12.2.1.2.0

VendorProductVersionCPE
oraclewebcenter_sites11.1.1.8.0cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
oraclewebcenter_sites12.2.1.0.0cpe:2.3:a:oracle:webcenter_sites:12.2.1.0.0:*:*:*:*:*:*:*
oraclewebcenter_sites12.2.1.1.0cpe:2.3:a:oracle:webcenter_sites:12.2.1.1.0:*:*:*:*:*:*:*
oraclewebcenter_sites12.2.1.2.0cpe:2.3:a:oracle:webcenter_sites:12.2.1.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	webcenter_sites	11.1.1.8.0	cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:::::::*
oracle	webcenter_sites	12.2.1.0.0	cpe:2.3:a:oracle:webcenter_sites:12.2.1.0.0:::::::*
oracle	webcenter_sites	12.2.1.1.0	cpe:2.3:a:oracle:webcenter_sites:12.2.1.1.0:::::::*
oracle	webcenter_sites	12.2.1.2.0	cpe:2.3:a:oracle:webcenter_sites:12.2.1.2.0:::::::*

CNA Affected

[
  {
    "product": "WebCenter Sites",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.1.8.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.1.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.2.0"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

www.securityfocus.com/bid/97905

www.securitytracker.com/id/1038291

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

30.5%

JSON

Related for CVE-2017-3598