Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2017-58


Oracle Fusion Middleware Flaws Let Remote Users Access and Modify Data and Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Severity Rating: High
Systems Affected:
  • Oracle Fusion Middleware
Description
Multiple vulnerabilities have been reported in Oracle Fusion Middleware. Remote attackers can exploit them to access and modify data, cause denial of service conditions and gain elevated privileges on the vulnerable system.
 
 
  • A remote authenticated user can exploit a flaw in the Oracle Identity Manager Rules Engine component to gain elevated privileges.
  • A remote user can exploit a flaw in the Oracle Fusion Middleware MapViewer Map Builder component to partially access data, modify data, and partially deny service.
  • A remote user can exploit a flaw in the Oracle WebCenter Sites Server component to partially access data, partially modify data, and deny service.
  • A remote user can exploit a flaw in the Oracle WebCenter Content Server component to access and partially modify data.
  • A remote user can exploit a flaw in the Oracle WebCenter Sites Blob Server component to partially access data and modify data.
  • A remote user can exploit a flaw in the Oracle WebCenter Sites Server component to access and partially modify data.
  • A remote user can exploit a flaw in the Oracle API Gateway Oracle API Gateway component to access and modify data.
  • A remote authenticated user can exploit a flaw in the Oracle WebCenter Sites Advanced UI component to access and modify data.
  • A remote authenticated user can exploit a flaw in the Oracle WebCenter Sites Catalog Mover component to access and modify data.
  • A remote authenticated user can exploit a flaw in the Oracle WebCenter Sites Advanced UI component to access data, partially modify data, and partially deny service.
  • A remote user can exploit a flaw in the Oracle Social Network Android Client component to access data.
  • A remote user can exploit a flaw in the Oracle Service Bus Web Console Design component to partially access data, partially modify data, and partially deny service.
  • A remote user can exploit a flaw in the Oracle WebCenter Sites Advanced UI component to access and partially modify data.
  • A remote authenticated user can exploit a flaw in the Oracle WebCenter Sites Advanced UI component to access and partially modify data.
  • A remote user can exploit a flaw in the Oracle WebCenter Sites Catalog Mover component to partially access data and modify data.
  • A remote authenticated user can exploit a flaw in the Oracle WebCenter Sites Advanced UI component to access and partially modify data.
  • A remote authenticated user can exploit a flaw in the Oracle WebCenter Sites Advanced UI component to access data.
  • A remote authenticated user can exploit a flaw in the Oracle WebCenter Sites Advanced UI component to partially access data.
 
Solution
Users are advised to apply updates.
More information is available on:
 
CVE Information
 
List of other CVE Information:
 
Vendor Information
Oracle
 
References
 
Security Tracker
 
Oracle Security
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis