Lucene search

[email protected]CVE-2014-2399

HistoryApr 16, 2014 - 1:55 a.m.

CVE-2014-2399

2014-04-1601:55:10

[email protected]

web.nvd.nist.gov

cve-2014-2399

oracle

endeca server

fusion middleware

nvd

information discovery

latitude

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

Low

0.639 Medium

EPSS

Percentile

97.9%

JSON

Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400.

Affected configurations

NVD

Node

oraclefusion_middlewareMatch2.2.2

CPENameOperatorVersion
oracle:fusion_middlewareoracle fusion middlewareeq2.2.2

CPE	Name	Operator	Version
oracle:fusion_middleware	oracle fusion middleware	eq	2.2.2

References

packetstormsecurity.com/files/127222/Endeca-Latitude-2.2.2-Cross-Site-Request-Forgery.html

seclists.org/fulldisclosure/2014/Jun/123

www.exploit-db.com/exploits/33897

www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

www.securityfocus.com/archive/1/532556/100/0/threaded

www.securityfocus.com/bid/66864

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

Low

0.639 Medium

EPSS

Percentile

97.9%

JSON

Related for CVE-2014-2399

prion2 nvd2 cvelist2 cve1 zdt1 exploitpack1 securityvulns3 packetstorm2 exploitdb1 oracle1