Vulnerability Name: CVE-2012-3186 (CCN-79303) Assigned: 2012-10-16 Published: 2012-10-16 Updated: 2016-11-22 Summary: Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185 . CVSS v3 Severity: 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P 5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Data Manipulation References: Source: MITRECVE-2012-3186 Oracle WebCenter Sites (AKA FatWire) XSS / SQL Injection / CSRF Oracle WebCenter Sites Multiple Vulnerabilities MDVSA-2013:150 Oracle Critical Patch Update Advisory - October 2012 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Oracle WebCenter Sites CVE-2012-3186 Remote Security Vulnerability webcentersites-advancedui-sql-injection(79303) Offensive Security Exploit Database [10-17-2012] Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:fusion_middleware:7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.5:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.6.1:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.6.2:*:*:*:*:*:*:* Configuration 2 :cpe:/a:oracle:fusion_middleware:6.1:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:6.2:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:6.3:*:*:*:*:*:*:* Configuration 3 :cpe:/a:oracle:fusion_middleware:11.1.1.6.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:fusion_middleware:11.1.1.6.0:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:6.1:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:6.2:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:6.3:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.5:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.6.1:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.6.2:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware:7.0:*:*:*:*:*:*:* BACK
oracle fusion middleware 7.0
oracle fusion middleware 7.0.1
oracle fusion middleware 7.0.2
oracle fusion middleware 7.0.3
oracle fusion middleware 7.5
oracle fusion middleware 7.6.1
oracle fusion middleware 7.6.2
oracle fusion middleware 6.1
oracle fusion middleware 6.2
oracle fusion middleware 6.3
oracle fusion middleware 11.1.1.6.0
oracle fusion middleware 11.1.1.6.0
oracle fusion middleware 6.1
oracle fusion middleware 6.2
oracle fusion middleware 6.3
oracle fusion middleware 7.0.1
oracle fusion middleware 7.0.2
oracle fusion middleware 7.0.3
oracle fusion middleware 7.5
oracle fusion middleware 7.6.1
oracle fusion middleware 7.6.2
oracle fusion middleware 7.0
Denotes that component is vulnerable