Vulnerabilities > CVE-2018-2564 - Unspecified vulnerability in Oracle Webcenter Content 11.1.1.9.0

047910
CVSS 8.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
oracle
nessus

Summary

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Nessus

  • NASL familyCGI abuses
    NASL idORACLE_WEBCENTER_CONTENT_JAN_2018_CPU.NASL
    descriptionThe version of Oracle WebCenter Content running on the remote host is affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id107090
    published2018-03-01
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/107090
    titleOracle WebCenter Content Multiple Vulnerabilities (January 2018 CPU)
  • NASL familyWeb Servers
    NASL idSUN_JAVA_WEB_SERVER_7_0_27.NASL
    descriptionAccording to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact.
    last seen2020-06-01
    modified2020-06-02
    plugin id106349
    published2018-01-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106349
    titleOracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)
  • NASL familyWeb Servers
    NASL idORACLE_HTTP_SERVER_CPU_JAN_2018.NASL
    descriptionThe version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory.
    last seen2020-03-18
    modified2018-01-24
    plugin id106299
    published2018-01-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106299
    titleOracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)