Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-10033

8 documents, 6 sources
Severity
4.0 MEDIUM
EPSS
0.6%
top 30.16%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Oct 19
Latest update: Mar 15

Description

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Supported versions that are affected are 11.1.1.8.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebCenter Sites executes to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessibl

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.4 | Impact: 2.5

Affected Packages (2 packages)

NVD: oracle/webcenter_sites, versions 11.1.1.8.0, 12.2.1.2.0 (+1)
CVEListV5: oracle_corporation/webcenter_sites, versions 11.1.1.8.0, 12.2.1.2.0 (+1)

Patches

🔴 Vulnerability Details (4)

OSV: libphp-phpmailer vulnerability (2023-03-15)
OSV: libphp-phpmailer vulnerabilities (2023-03-15)
GHSA: GHSA-47c6-8977-246v: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools) (2022-05-13)
CVEList: CVE-2017-10033: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools) (2017-10-19)

💥 Exploits & PoCs (1)

Exploit-DB: Oracle WebCenter FatWire Content Server < 7 - Improper Access Control (2018-05-25)

🕵️ Threat Intelligence (1)

Fortinet: PHPMailer Powered – Use It, But Also Remember to Update It (2017-02-16)
CVE-2017-10033 (MEDIUM CVSS 4) | Vulnerability in the Oracle WebCent | cvebase.io