1. Home
  2. CVE Database
  3. CVE-2013-3770
MEDIUM · 5.5

CVE-2013-3770

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and i...

Vulnerability Description

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is related to "iDoc script injection" in the (1) cs and (2) urm components, which allows attackers to read "sensitive" files, as demonstrated by obtaining the "AES encryption key and encrypted credentials" of the weblogic user.

CVSS Score

5.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:N
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
OracleFusion Middleware10.1.3.5.1

References

FAQ

What is CVE-2013-3770?

CVE-2013-3770 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and i...

How severe is CVE-2013-3770?

CVE-2013-3770 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-3770?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Fusion Middleware.