Multiple vulnerabilities in Oracle WebCenter Sites
Severity: Medium
Patch: Yes
Number of vulnerabilities: 5
Impact:
- Disclosure of sensitive data
- Unauthorized manipulation of data
Affected Products:
- Oracle WebCenter Sites 11.x
- Oracle WebCenter Sites 6.x
- Oracle WebCenter Sites 7.x
Affected versions: Oracle WebCenter Sites versions 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0.
CVE ID:
- CVE-2012-3183
- CVE-2012-3184
- CVE-2012-3185
- CVE-2012-3186
- CVE-2012-5065
Description:
These vulnerabilities can be exploited by malicious people to manipulate data without authorization and to gain access to important information.
1. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.
2. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.
3. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to gain access to certain information and change some data.
4. An unspecified error in the Advanced UI. This can be exploited via a specially crafted HTTP request to change some data.
5. An unspecified error in the ImagePicker component. A remote user can change some data.
Manufacturer: Oracle Corporation
Solution: Install the update from the manufacturer.
Links:
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://www.oracle.com/technetwork/topics/security/cpuoct2012verbose-1515934.html