CVE CyberSecurity Database News

CVE-2022-21616 Vulnerability in Oracle WebLogic Server. Vulnerable versions are 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. Impacted versions are 12.2.1.2.0 and 12.2.1.1.0.

Poster -

There are no known exploits in the wild at this time. Please see Oracle's notification for further details about CVSS and how to report these issues. Oracle Collaboration - Easy Tier - CVE-2018-32717 Easy Tier component does not properly restrict access to objects during processing of XML input. A remote attacker could send an XML input document and obtain a valid signature, or an attacker could send an XML input document and obtain access to an object via XML processing. This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H).

There are no known exploits in the wild at this time. Please see Oracle's notification for further details about CVSS and how to report these issues. Oracle Collaboration - Enterprise Manager - CVE-2018-32717 Enterprise Manager component does not properly restrict access to objects during processing of XML input. A remote attacker could send an XML input document and obtain a valid signature, or an attacker could send an XML input document and obtain access to an object via XML processing. This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However

Oracle Collaboration - Easy Tier

- CVE-2018-32717
This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit.

Oracle Collaboration - Enterprise Manager - (EM) CVE-2018-32717

This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References