CVE-2013-3770

Sažetak

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is related to "iDoc script injection" in the (1) cs and (2) urm components, which allows attackers to read "sensitive" files, as demonstrated by obtaining the "AES encryption key and encrypted credentials" of the weblogic user.

Reference

http://osvdb.org/95271
http://secunia.com/advisories/54227
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.securityfocus.com/bid/61228
http://www.securitytracker.com/id/1028801
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1038
https://exchange.xforce.ibmcloud.com/vulnerabilities/85658

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

17-07-2013 - 13:41