CVE-2017-3543
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).
Vulnerabilidad en el componente Oracle WebCenter Sites de Oracle Fusion Middleware (subcomponente: Server). Versiones compatibles que son afectadas son 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 y 12.2.1.2.0. Vulnerabilidad fácilmente explotable Permite a atacante no autenticado con acceso a la red a través de HTTP comprometa Sitios Web de Oracle WebCenter. Los ataques exitosos de esta vulnerabilidad pueden provocar acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle WebCenter Sites, así como actualizaciones no autorizadas, insertar o eliminar acceso a algunos de los datos accesibles de Oracle WebCenter Sites y capacidad no autorizada para causar una negación parcial de (partial DOS) de los sitios Web de Oracle WebCenter. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Impactos de disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2016-12-06 CVE Reserved
- 2017-04-24 CVE Published
- 2024-10-04 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/97768 | Third Party Advisory | |
http://www.securitytracker.com/id/1038291 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | 2019-10-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Webcenter Sites Search vendor "Oracle" for product "Webcenter Sites" | 11.1.1.8.0 Search vendor "Oracle" for product "Webcenter Sites" and version "11.1.1.8.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Webcenter Sites Search vendor "Oracle" for product "Webcenter Sites" | 12.2.1.0.0 Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.0.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Webcenter Sites Search vendor "Oracle" for product "Webcenter Sites" | 12.2.1.1.0 Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.1.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Webcenter Sites Search vendor "Oracle" for product "Webcenter Sites" | 12.2.1.2.0 Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.2.0" | - |
Affected
|