Main Vulnerability Database Vulnerabilities #VU40691

Input validation error in Oracle Commerce Platform - CVE-2015-2653

Published: July 16, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40691

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-2653

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Commerce Platform

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Acquisition System.

How to mitigate CVE-2015-2653

Install update from vendor's website.

Sources

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Input validation error in Oracle Commerce Platform - CVE-2015-2653

Detailed vulnerability description

How to mitigate CVE-2015-2653

Sources

Please verify you're human