Vulnerabilities > CVE-2014-2400 - Cross-Site Scripting vulnerability in Oracle Fusion Middleware 2.2.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
oracle
Summary
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399. Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html "Please refer to My Oracle Support Note 1629648.1 for instructions on how to address this issue."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/127223/rt-sa-2013-003.txt |
id | PACKETSTORM:127223 |
last seen | 2016-12-05 |
published | 2014-06-25 |
reporter | redteam-pentesting.de |
source | https://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html |
title | Endeca Latitude 2.2.2 Cross Site Scripting |
References
- http://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2014/Jun/124
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/archive/1/532557/100/0/threaded
- http://www.securityfocus.com/bid/66857