Note that API access credentials are stored in the HTTP session, which makes them vulnerable to hijacking. In order to exploit this vulnerability, an attacker must be able to force an end user to visit a specially crafted malicious website.

Note: Accessing API endpoints from the browser is not a supported scenario.

VDI storage profiles are not affected by this vulnerability.

Vulnerability in Oracle WebCenter Sites component of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 11.1.1.7.0, 12.1.1.7.0 and 12.2.1.7.0. Easily exploitable vulnerability allows low privileged attacker with login to view complete remote code execution details. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3

Vulnerability in Oracle WebCenter Sites component of Oracle Fusion Middleware (CVE-2023)

Vulnerability in Oracle WebCenter Sites component of Oracle Fusion Middleware (CVE-2022)

Oracle WebCenter Sites is a product that helps organizations design and develop websites and web applications. Oracle Security will be releasing a security patch for this vulnerability in the near future. The affected product versions are 12.1.1.7, 12.2.1.7 and 11.1.1.7. The patch will be released to the public as soon as possible after Oracle Security has completed the patch process.

Vulnerable software: Oracle WebCenter Sites component of Oracle Fusion Middleware (CVE-2022)
Supported versions that are affected are 11.1.1.7, 12.1.1.7, 12,2,12,2/2 and 12/2/2
Easily exploitable vulnerability allows low privileged attacker with login to view complete remote code execution details

This vulnerability affects Oracle WebCenter Sites and not VDI storage profiles.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References