| Vulnerability Name: | CVE-2015-2603 (CCN-104663) | ||||||||
| Assigned: | 2015-07-14 | ||||||||
| Published: | 2015-07-14 | ||||||||
| Updated: | 2016-12-22 | ||||||||
| Summary: | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-2603 Source: CCN Type: Oracle Critical Patch Update - July 2015 Oracle Critical Patch Update - July 2015 Source: CONFIRM Type: Patch, Vendor Advisory http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html Source: BID Type: UNKNOWN 75754 Source: CCN Type: BID-75754 Oracle Endeca Information Discovery Studio CVE-2015-2603 Authentication Bypass Vulnerability Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-15-356 Source: XF Type: UNKNOWN oracle-cpujuly2015-cve20152603(104663) Source: CCN Type: ZDI-15-356 Oracle Endeca Information Discovery Integrator ETL Server Authentication Bypass Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||