cnvd - cnvd-2017-06054

cnvd-2017-06054

Vulnerability from cnvd

Title

Oracle Fusion Middleware MapViewer远程漏洞

Description

Oracle Fusion Middleware是一个全面的中间件产品系列，由SOA和中间件产品组成。 Oracle Fusion Middleware MapViewer 11.1.1.9, 12.2.1.1, 12.2.1.2版本在存在远程安全漏洞，允许攻击者影响机密性、完整性、可用性。

Severity

高

Patch Name

Oracle Fusion Middleware MapViewer远程漏洞的补丁

Patch Description

Oracle Fusion Middleware是一个全面的中间件产品系列，由SOA和中间件产品组成。 Oracle Fusion Middleware MapViewer 11.1.1.9, 12.2.1.1, 12.2.1.2版本在存在远程安全漏洞，允许攻击者影响机密性、完整性、可用性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Reference

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Impacted products

Name
['Oracle Fusion Middleware MapViewer 12.2.1.2', 'Oracle Fusion Middleware MapViewer 12.2.1.1', 'Oracle Fusion Middleware MapViewer 11.1.1.9']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97746"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3230"
    }
  },
  "description": "Oracle Fusion Middleware\u662f\u4e00\u4e2a\u5168\u9762\u7684\u4e2d\u95f4\u4ef6\u4ea7\u54c1\u7cfb\u5217\uff0c\u7531SOA\u548c\u4e2d\u95f4\u4ef6\u4ea7\u54c1\u7ec4\u6210\u3002\r\n\r\nOracle Fusion Middleware MapViewer 11.1.1.9, 12.2.1.1, 12.2.1.2\u7248\u672c\u5728\u5b58\u5728\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5f71\u54cd\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u3001\u53ef\u7528\u6027\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06054",
  "openTime": "2017-05-07",
  "patchDescription": "Oracle Fusion Middleware\u662f\u4e00\u4e2a\u5168\u9762\u7684\u4e2d\u95f4\u4ef6\u4ea7\u54c1\u7cfb\u5217\uff0c\u7531SOA\u548c\u4e2d\u95f4\u4ef6\u4ea7\u54c1\u7ec4\u6210\u3002\r\n\r\nOracle Fusion Middleware MapViewer 11.1.1.9, 12.2.1.1, 12.2.1.2\u7248\u672c\u5728\u5b58\u5728\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5f71\u54cd\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u3001\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Fusion Middleware MapViewer\u8fdc\u7a0b\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle Fusion Middleware MapViewer 12.2.1.2",
      "Oracle Fusion Middleware MapViewer  12.2.1.1",
      "Oracle Fusion Middleware MapViewer  11.1.1.9"
    ]
  },
  "referenceLink": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-21",
  "title": "Oracle Fusion Middleware MapViewer\u8fdc\u7a0b\u6f0f\u6d1e"
}

CVE-2017-3230 (GCVE-0-2017-3230)

Vulnerability from cvelistv5

Published

2017-04-24 19:00

Modified

2024-10-07 16:23

Severity ?

CWE

Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Fusion Middleware MapViewer.

Summary

Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).

References

URL

Tags

	http://www.securitytracker.com/id/1038291	vdb-entry, x_refsource_SECTRACK
	http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97746	vdb-entry, x_refsource_BID