Multiple vulnerabilities in Oracle WebCenter Sites

Multiple vulnerabilities in Oracle WebCenter Sites

Danger: Middle
Patch: Yes
Number of vulnerabilities: 5

Impact: Disclosure of sensitive data
Unauthorized manipulation of data

Affected Products:

Oracle WebCenter Sites 11.x

Oracle WebCenter Sites 6.x

Oracle WebCenter Sites 7.x

Affected versions: Oracle WebCenter Sites version 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0.

CVE ID: CVE-2012-3183
CVE-2012-3184
CVE-2012-3185
CVE-2012-3186
CVE-2012-5065

Description:

Can be exploited by malicious people to conduct unauthorized manipulation of data and access to important information.

1. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.

2. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.

3. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.

4. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to change some data.

5. The vulnerability is caused due to an unspecified error in the component ImagePicker. A remote user can change some of the data.

Manufacturer: Oracle Corporation

Solution: Install the update from the manufacturer.

Links:

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://www.oracle.com/technetwork/topics/security/cpuoct2012verbose-1515934.html

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook