Multiple vulnerabilities in Oracle WebCenter Content
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-20928 CVE-2023-5072 |
| CWE-ID | CWE-20 CWE-770 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Oracle WebCenter Content Web applications / CMS |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU85463
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-20928
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Content Server component in Oracle WebCenter Content. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle WebCenter Content: 12.2.1.4.0
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpujan2024.html?62352
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU82276
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5072
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle WebCenter Content: 12.2.1.4.0
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpujan2024.html?62352
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
