Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-2578 — Corporation Webcenter Sites vulnerability

4 documents4 sources

Severity

8.6HIGHNVD

EPSS

79.2%

top 0.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Corporation Webcenter Sites Oracle Webcenter Sites

Timeline

PublishedApr 23

Latest updateMay 24

Description

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. While the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶NVDoracle/webcenter_sites12.2.1.3.0

▶CVEListV5oracle_corporation/webcenter_sites12.2.1.3.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-x86w-ghh6-6vwx: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI)↗2022-05-24

▶

CVEList

CVE-2019-2578: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI)↗2019-04-23

▶

💥Exploits & PoCs

Nuclei

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control

▶