There are no known exploits in the wild at this time. Please see Oracle's notification for further details about CVSS and how to report these issues. Oracle Collaboration - Easy Tier - CVE-2018-32717 Easy Tier component does not properly restrict access to objects during processing of XML input. A remote attacker could send an XML input document and obtain a valid signature, or an attacker could send an XML input document and obtain access to an object via XML processing. This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H).
There are no known exploits in the wild at this time. Please see Oracle's notification for further details about CVSS and how to report these issues. Oracle Collaboration - Enterprise Manager - CVE-2018-32717 Enterprise Manager component does not properly restrict access to objects during processing of XML input. A remote attacker could send an XML input document and obtain a valid signature, or an attacker could send an XML input document and obtain access to an object via XML processing. This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However
Oracle Collaboration - Easy Tier
- CVE-2018-32717
This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit.
Oracle Collaboration - Enterprise Manager - (EM) CVE-2018-32717
This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit.
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC