5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
4.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.5%
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is related to “iDoc script injection” in the (1) cs and (2) urm components, which allows attackers to read “sensitive” files, as demonstrated by obtaining the “AES encryption key and encrypted credentials” of the weblogic user.
osvdb.org/95271
secunia.com/advisories/54227
www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
www.securityfocus.com/bid/61228
www.securitytracker.com/id/1028801
www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1038
exchange.xforce.ibmcloud.com/vulnerabilities/85658