CVE-2017-3597

MEDIUM

Oracle WebCenter Sites <12.2.1.2.0 - Info Disclosure

Title source: llm

Description

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).

References (3)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97904

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038291

Scores

CVSS v3 5.7

EPSS 0.0031

EPSS Percentile 53.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Classification

Status published

Affected Products (8)

oracle/webcenter_sites

Oracle Corporation/WebCenter Sites < 11.1.1.8.0

Oracle Corporation/WebCenter Sites < 12.2.1.0.0

Oracle Corporation/WebCenter Sites < 12.2.1.1.0

Oracle Corporation/WebCenter Sites < 12.2.1.2.0

Timeline

Published Apr 24, 2017

Tracked Since Feb 18, 2026