Vulnerability-Lookup

CNVD-2015-02556

Vulnerability from cnvd - Published: 2015-04-21

Title

Oracle Right Now Service Cloud Knowledge组件存在漏洞

Description

Oracle Right Now Service Cloud是一套云端服务解决方案，它提供聊天服务、跨渠道社区协作和内容管理等功能。 Oracle Right Now Service Cloud的Oracle Knowledge组件中的Information Manager Console子组件存在安全漏洞，远程攻击者可利用漏洞影响系统完整性。

Severity

中

Patch Name

Oracle Right Now Service Cloud Knowledge组件存在漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Reference

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Impacted products

Name
['Oracle Right Now Service Cloud 8.2.3.10.1', 'Oracle Right Now Service Cloud 8.4.7.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "74099"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0440"
    }
  },
  "description": "Oracle Right Now Service Cloud\u662f\u4e00\u5957\u4e91\u7aef\u670d\u52a1\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u63d0\u4f9b\u804a\u5929\u670d\u52a1\u3001\u8de8\u6e20\u9053\u793e\u533a\u534f\u4f5c\u548c\u5185\u5bb9\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nOracle Right Now Service Cloud\u7684Oracle Knowledge\u7ec4\u4ef6\u4e2d\u7684Information Manager Console\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5f71\u54cd\u7cfb\u7edf\u5b8c\u6574\u6027\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02556",
  "openTime": "2015-04-21",
  "patchDescription": "Oracle Right Now Service Cloud\u662f\u4e00\u5957\u4e91\u7aef\u670d\u52a1\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u63d0\u4f9b\u804a\u5929\u670d\u52a1\u3001\u8de8\u6e20\u9053\u793e\u533a\u534f\u4f5c\u548c\u5185\u5bb9\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nOracle Right Now Service Cloud\u7684Oracle Knowledge\u7ec4\u4ef6\u4e2d\u7684Information Manager Console\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5f71\u54cd\u7cfb\u7edf\u5b8c\u6574\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Right Now Service Cloud Knowledge\u7ec4\u4ef6\u5b58\u5728\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle Right Now Service Cloud 8.2.3.10.1",
      "Oracle Right Now Service Cloud 8.4.7.2"
    ]
  },
  "referenceLink": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-19",
  "title": "Oracle Right Now Service Cloud Knowledge\u7ec4\u4ef6\u5b58\u5728\u6f0f\u6d1e"
}

CVE-2015-0440 (GCVE-0-2015-0440)

Vulnerability from cvelistv5 – Published: 2015-04-16 16:00 – Updated: 2024-08-06 04:10

Summary

Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console.

Severity ?

No CVSS data available.

CWE

Assigner

oracle

References

URL

Tags

http://www.oracle.com/technetwork/topics/security…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:10:10.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-16T15:57:00",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2015-0440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2015-0440",
    "datePublished": "2015-04-16T16:00:00",
    "dateReserved": "2014-12-17T00:00:00",
    "dateUpdated": "2024-08-06T04:10:10.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-02556

CVE-2015-0440 (GCVE-0-2015-0440)

Tags

Sightings

Nomenclature