Multiple vulnerabilities in Oracle WebCenter Sites

Posted: October 19, 2012 in Vulnerabilities

Danger: Medium
Patch: Yes
Number of vulnerabilities: 5

Impact: Disclosure of sensitive data; unauthorized manipulation of data

Affected Products:

  • Oracle WebCenter Sites 11.x
  • Oracle WebCenter Sites 6.x
  • Oracle WebCenter Sites 7.x

Affected versions: Oracle WebCenter Sites version 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0.

CVE ID: CVE-2012-3183, CVE-2012-3184, CVE-2012-3185, CVE-2012-3186, CVE-2012-5065

Description:

The vulnerabilities can be exploited by malicious people to manipulate data without authorization and to gain access to sensitive information.

1. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.

2. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.

3. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.

4. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to change some data.

5. The vulnerability is caused by an unspecified error in the ImagePicker component. A remote user can change some data.

Manufacturer: Oracle Corporation

Solution: Install the update from the manufacturer.

Links:

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://www.oracle.com/technetwork/topics/security/cpuoct2012verbose-1515934.html
