Vulnerability Details : CVE-2014-0391
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to End User Self Service.
Exploit prediction scoring system (EPSS) score for CVE-2014-0391
Probability of exploitation activity in the next 30 days: 0.42%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0391
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2014-0391
-
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Oracle Critical Patch Update - January 2014Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/64829
Oracle Identity Manager CVE-2014-0391 Remote Security VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1029613
Oracle Fusion Middleware Bugs Let Remote and Local Users Access Data and Deny Service and Remote Users Modify Data - SecurityTrackerThird Party Advisory;VDB Entry
Products affected by CVE-2014-0391
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:11.1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:11.1.2.1.0:*:*:*:*:*:*:*