ID CVE-2014-2400
Summary Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399. Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html "Please refer to My Oracle Support Note 1629648.1 for instructions on how to address this issue."
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:fusion_middleware:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:fusion_middleware:2.2.2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 09-10-2018 - 19:43)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 66857
bugtraq 20140625 [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting
confirm http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
fulldisc 20140625 [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting
misc http://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html
Last major update 09-10-2018 - 19:43
Published 16-04-2014 - 01:55
Last modified 09-10-2018 - 19:43
Back to Top