Main Vulnerability Database Vulnerabilities #VU40696

Input validation error in Oracle Commerce Platform - CVE-2015-2607

Published: July 16, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40696

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-2607

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Commerce Platform

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affect confidentiality via unknown vectors related to Content Acquisition System.

How to mitigate CVE-2015-2607

Install update from vendor's website.

Sources

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Input validation error in Oracle Commerce Platform - CVE-2015-2607

Detailed vulnerability description

How to mitigate CVE-2015-2607

Sources

Please verify you're human