Lucene search

[email protected]CVE-2014-2424

HistoryApr 16, 2014 - 2:55 a.m.

CVE-2014-2424

2014-04-1602:55:15

[email protected]

web.nvd.nist.gov

cve-2014-2424

oracle

event processing

fusion middleware

vulnerability

remote authentication

integrity

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.

Affected configurations

NVD

Node

oraclefusion_middlewareMatch11.1.1.7.0

CPENameOperatorVersion
oracle:fusion_middlewareoracle fusion middlewareeq11.1.1.7.0

CPE	Name	Operator	Version
oracle:fusion_middleware	oracle fusion middleware	eq	11.1.1.7.0

References

packetstormsecurity.com/files/127365/Oracle-Event-Processing-FileUploadServlet-Arbitrary-File-Upload.html

www.exploit-db.com/exploits/33989

www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

www.osvdb.org/105844

www.securityfocus.com/bid/66871

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

Related for CVE-2014-2424

nvd1 cvelist1 nessus1 prion1 zdi1 zdt1 packetstorm1 checkpoint_advisories1 oracle1 securityvulns1