CVE-2013-3770 in Oracle Oracle WebCenter Contentinfo

Summary

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is related to "iDoc script injection" in the (1) cs and (2) urm components, which allows attackers to read "sensitive" files, as demonstrated by obtaining the "AES encryption key and encrypted credentials" of the weblogic user.

Reservation

06/03/2013

Disclosure

07/17/2013

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
9593	Oracle Oracle WebCenter Content Content Server missing encryption	311	Unproven	Official fix	CVE-2013-3770

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!