CVE-2022-21616 Vulnerability in Oracle WebLogic Server. Vulnerable versions are 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. Impacted versions are 12.2.1.2.0 and 12.2.1.1.0.

There are no known exploits in the wild at this time. Please see Oracle's notification for further details about CVSS and how to report these issues. Oracle Collaboration - Easy Tier - CVE-2018-32717 Easy Tier component does not properly restrict access to objects during processing of XML input. A remote attacker could send an XML input document and obtain a valid signature, or an attacker could send an XML input document and obtain access to an object via XML processing. This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H).

There are no known exploits in the wild at this time. Please see Oracle's notification for further details about CVSS and how to report these issues. Oracle Collaboration - Enterprise Manager - CVE-2018-32717 Enterprise Manager component does not properly restrict access to objects during processing of XML input. A remote attacker could send an XML input document and obtain a valid signature, or an attacker could send an XML input document and obtain access to an object via XML processing. This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However

Oracle Collaboration - Easy Tier

- CVE-2018-32717
This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit.

Oracle Collaboration - Enterprise Manager - (EM) CVE-2018-32717

This vulnerability does not have a Common Vulnerability Scoring System rating because it requires social engineering to exploit. However this vulnerability requires no authentication to exploit.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References