Oracle WebCenter Sites vulnerabilities

53 known vulnerabilities affecting oracle/webcenter_sites.

Total CVEs: 53
CISA KEV: 2 (actively exploited)
Public exploits: 9
Exploited in wild: 3
Severity breakdown: CRITICAL 7, HIGH 23, MEDIUM 21, LOW 2

Vulnerabilities

Page 3 of 3
CVE-2017-3541 | HIGH | CVSS 8.2 | v11.1.1.8.0, v12.2.1.0.0, +2 more | 2017-04-24 | Source: nvd
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vuln

CVE-2017-3595 | HIGH | CVSS 7.1 | v11.1.1.8.0, v12.2.1.0.0, +2 more | 2017-04-24 | Source: nvd
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this

CVE-2017-3554 | HIGH | CVSS 8.1 | v11.1.1.8.0, v12.2.1.0.0, +2 more | 2017-04-24 | Source: nvd
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of thi

CVE-2017-3594 | MEDIUM | CVSS 5.9 | v11.1.1.8.0, v12.2.1.0.0, +2 more | 2017-04-24 | Source: nvd
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of thi

CVE-2017-3597 | MEDIUM | CVSS 5.7 | v11.1.1.8.0, v12.2.1.0.0, +2 more | 2017-04-24 | Source: nvd
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks requir

CVE-2017-3598 | LOW | CVSS 3.1 | v11.1.1.8.0, v12.2.1.0.0, +2 more | 2017-04-24 | Source: nvd
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this v

CVE-2017-3603 | LOW | CVSS 3.1 | v11.1.1.8.0, v12.2.1.0.0, +2 more | 2017-04-24 | Source: nvd
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this v

CVE-2016-5511 | MEDIUM | CVSS 4.3 | CWE-254 | v12.2.1.0.0, v12.2.1.1.0, +1 more | 2016-10-25 | Source: nvd
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors.

CVE-2016-3487 | HIGH | CVSS 8.1 | v11.1.1.8, v12.2.1.0 | 2016-07-21 | Source: nvd
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2016-3502 | MEDIUM | CVSS 6.5 | v11.1.1.8, v12.2.1.0 | 2016-07-21 | Source: nvd
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2015-3253 | CRITICAL | CVSS 9.8 | CWE-74 | v11.1.1.8.0, v12.2.1 | 2015-08-13 | Source: nvd
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

CVE-2014-0107 | HIGH | CVSS 7.5 | CWE-264 | v7.6.2, v11.1.1.8.0 | 2014-04-15 | Source: nvd
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-head

CVE-2013-4316 | CRITICAL | CVSS 10.0 | CWE-16 | v11.1.1.6.1, v11.1.1.8.0 | 2013-09-30 | Source: nvd
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.