Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2017-10033

🗓️ 19 Oct 2017 17:00:00Reported by oracleType 
cve
 cve🔗 web.nvd.nist.gov👁 80 Views🌐 WEB

Vulnerability in Oracle WebCenter Sites component of Oracle Fusion Middleware allows unauthorized data access and manipulation

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
CNVD		Unspecified Vulnerability in Oracle Fusion Middleware Oracle WebCenter Sites Component (CNVD-2017-33941)
18 Oct 201700:00
cnvd
Cvelist		CVE-2017-10033
19 Oct 201717:00
cvelist
Exploit DB		Oracle WebCenter FatWire Content Server < 7 - Improper Access Control
25 May 201800:00
exploitdb
EUVD		EUVD-2017-1680
7 Oct 202500:30
euvd
exploitpack		Oracle WebCenter FatWire Content Server 7 - Improper Access Control
25 May 201800:00
exploitpack
NVD		CVE-2017-10033
19 Oct 201717:29
nvd
Oracle		Oracle Critical Patch Update - October 2017
17 Oct 201700:00
oracle
Tenable Nessus		Oracle WebCenter Sites Local Vulnerability (Oct 2017 CPU)
20 Oct 201700:00
nessus
OSV		CVE-2017-10033
19 Oct 201717:29
osv
Packet Storm		Oracle WebCenter (Fatwire) Improper Access Control
25 May 201800:00
packetstorm
Rows per page
NVD
Vulners
Node
oraclewebcenter_sitesMatch11.1.1.8.0
OR
oraclewebcenter_sitesMatch12.2.1.2.0
[
  {
    "product": "WebCenter Sites",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.1.8.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.2.0"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
tblrequest bodycs/SatelliteImproper Access Control allows sending SQL queries without authentication.
queryrequest bodycs/SatelliteImproper Access Control allows sending SQL queries without authentication.
pagenamerequest bodycs/SatelliteImproper Access Control allows sending SQL queries without authentication.
pagenamequery paramcs/SatelliteImproper Access Control allows accessing table lists via pagename parameter.
pagenamequery paramcs/SatelliteImproper Access Control via pagename with admin-like actions (e.g., FlushTables) without authentication.
cmdquery paramcs/SatelliteImproper Access Control via pagename with admin-like actions (e.g., FlushTables) without authentication.
pagenamequery paramcs/SatelliteExposure of OpenMarket demos via pagename parameter without proper auth checks.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 00:59Current
3Low risk
Vulners AI Score3
CVSS 23.3
CVSS 34
EPSS0.02327
SSVC
oraclewebcenter sitesfusion middlewarevulnerabilitycve-2017-10033nvdsecurity issue
80