Vulnerability Details : CVE-2013-3770
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is related to "iDoc script injection" in the (1) cs and (2) urm components, which allows attackers to read "sensitive" files, as demonstrated by obtaining the "AES encryption key and encrypted credentials" of the weblogic user.
Products affected by CVE-2013-3770
- cpe:2.3:a:oracle:fusion_middleware:10.1.3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3770
- EPSS score: 0.37% (probability of exploitation activity in the next 30 days)
- Percentile: ~72% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-3770
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N | 8.0 | 4.9 | NIST | |
References for CVE-2013-3770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85658
  Oracle WebCenter Content Server unspecified CVE-2013-3770 Vulnerability Report
- http://www.securitytracker.com/id/1028801
  Oracle Fusion Middleware Bugs Let Remote Users Deny Service and Access and Modify Data - SecurityTracker
- http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1038
  Protect Your Business with Verisign’s Security Services – Verisign
- http://www.securityfocus.com/bid/61228
  Oracle WebCenter Content CVE-2013-3770 Remote Security Vulnerability
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
  Oracle Critical Patch Update - July 2013 (Vendor Advisory)