Vulnerability CVE-2012-0085

Vulnerability Name:

CVE-2012-0085 (CCN-72475)

Assigned:

2011-12-12

Published:

2012-01-17

Updated:

2017-08-29

Summary:

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2012-0085

Source: CCN
Type: SA47616
Oracle Application Server Cross-Site Scripting and SQL Injection Vulnerabilities

Source: CCN
Type: Oracle Critical Patch Update Advisory - January 2012
Oracle Critical Patch Update Advisory - January 2012

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

Source: CCN
Type: OSVDB ID: 78405
Oracle Fusion Middleware WebCenter Content Component idc/help/user_help/wwhelp/wwhimpl/common/html/frameset.htm URI XSS

Source: BID
Type: UNKNOWN
51457

Source: CCN
Type: BID-51457
Oracle Fusion Middleware CVE-2012-0085 Remote Security Vulnerability

Source: XF
Type: UNKNOWN
fusionmiddleware-webcenter-cve20120085(72475)

Source: XF
Type: UNKNOWN
fusionmiddleware-webcenter-cve20120085(72475)

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:fusion_middleware:7.5.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:fusion_middleware:10.1.3.5.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:fusion_middleware:10.1.3.5.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:fusion_middleware:7.5.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK