Vulnerabilities > CVE-2014-2399 - Cross-Site Request Forgery vulnerability in Oracle Fusion Middleware 2.2.2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
oracle
exploit available
NVD
Published: 2014-04-16
Updated: 2018-10-09

Summary

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400. Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html "Please refer to My Oracle Support Note 1629648.1 for instructions on how to address this issue."

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Exploit-Db

descriptionEndeca Latitude 2.2.2 - CSRF Vulnerability. CVE-2014-2399. Webapps exploits for multiple platform
fileexploits/multiple/webapps/33897.txt
idEDB-ID:33897
last seen2016-02-03
modified2014-06-27
platformmultiple
port
published2014-06-27
reporterRedTeam Pentesting
sourcehttps://www.exploit-db.com/download/33897/
titleEndeca Latitude 2.2.2 - CSRF Vulnerability
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/127222/rt-sa-2013-002.txt
idPACKETSTORM:127222
last seen2016-12-05
published2014-06-25
reporterredteam-pentesting.de
sourcehttps://packetstormsecurity.com/files/127222/Endeca-Latitude-2.2.2-Cross-Site-Request-Forgery.html
titleEndeca Latitude 2.2.2 Cross Site Request Forgery

References