PT-2013-4610 · Oracle · WebCenter Content, WebLogic

Published 2013-07-17 · Updated 2017-08-29 · CVE-2013-3770

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Oracle WebCenter Content versions 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0
Description: The vulnerability allows a remote authenticated user to affect confidentiality and integrity via unspecified vectors related to the Content Server component. The CVSS vector above spells out the model: reachable over the network, low attack complexity, one valid account required, partial confidentiality and integrity impact, no availability impact. A third party claims the flaw is an Idoc Script injection in the cs and urm components. Idoc Script is Content Server's server-side templating language, so an attacker who can get a script tag evaluated could read sensitive files on the server, reportedly including the AES encryption key and the encrypted credentials of the weblogic user. These details remain a third-party claim; the vendor description does not confirm them.
Recommendations: Apply the vendor fix for versions 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0. This entry records no fixed release number; Oracle delivers fixes for this product line through its Critical Patch Updates, so check the CPU advisory that references CVE-2013-3770 and install the patch it points to. Until the fix is in place: restrict network access to the Content Server component to trusted hosts and users, and keep in mind that the attacker only needs a valid account (Au:S), so review and minimise the set of Content Server accounts and their privileges. Disabling the cs and urm components named in the third-party report is a possible stop-gap, but cs is the Content Server itself, so this amounts to taking the service offline. Do not keep sensitive files or plaintext credentials within reach of the affected components. If exploitation is suspected, rotate the weblogic account credentials and the AES key that the claimed attack can expose, and review Content Server access logs for script tags in request parameters.
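The following is an added example and not part of this advisory, of Oracle's product, or of any public exploit. It shows the log review suggested above: a scanner that parses constructed Content Server access-log lines and flags requests whose query parameters carry an Idoc Script tag (Idoc Script statements are delimited by `<$` and `$>`), handling single and double URL encoding. The log lines, user name, IP addresses, service names and the file name inside the sample tag are constructed for the example, not taken from real traffic or from a known attack.

```python
import re
from urllib.parse import urlparse, parse_qsl, unquote

# Idoc Script statements are delimited by "<$" and "$>". A client-supplied
# parameter that carries such a tag after URL decoding is the injection
# primitive the third-party report describes. The delimiters are Idoc Script
# syntax; everything else in this file is an added, constructed example.
IDOC_TAG = re.compile(r"<\$.*?\$>", re.DOTALL)

# Common log format, with the fields needed for attribution: client IP,
# authenticated user (Au:S in the CVSS vector means the attacker has one),
# timestamp, method, request target and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d+)'
)

# Constructed sample lines (not real traffic). Line 1 is a benign search,
# line 2 carries a single-encoded tag, line 3 a double-encoded one.
SAMPLE_LOG = """\
10.0.0.5 - jdoe [17/Jul/2013:10:12:01 +0000] "GET /cs/idcplg?IdcService=GET_SEARCH_RESULTS&QueryText=report HTTP/1.1" 200 5123
10.0.0.7 - jdoe [17/Jul/2013:10:12:09 +0000] "GET /cs/idcplg?IdcService=GET_SEARCH_RESULTS&QueryText=%3C%24fileExists%28%22config.cfg%22%29%24%3E HTTP/1.1" 200 812
10.0.0.7 - jdoe [17/Jul/2013:10:12:15 +0000] "GET /cs/idcplg?IdcService=GET_DOC_PAGE&Page=%253C%2524include%2520std_page_begin%2524%253E HTTP/1.1" 200 640
"""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded tags become visible.
    Stops as soon as a round changes nothing; max_rounds bounds the work."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_idoc_injection(target: str):
    """Return [(param_name, decoded_value)] for every query parameter of the
    request target whose decoded value contains an Idoc Script tag."""
    query = urlparse(target).query
    hits = []
    # parse_qsl performs one round of percent-decoding itself.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = decode_fully(value)
        if IDOC_TAG.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(text: str):
    """Parse access-log lines and return one alert dict per request that
    carries an Idoc Script tag in its query string."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unrecognised line: skip rather than abort the scan
        hits = find_idoc_injection(m.group("target"))
        if hits:
            alerts.append({
                "ip": m.group("ip"),
                "user": m.group("user"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "hits": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f'{alert["ts"]} {alert["ip"]} user={alert["user"]} '
              f'status={alert["status"]} idoc={alert["hits"]}')
```

Idoc Script is evaluated server-side from templates, so a tag should never appear in a client-supplied parameter; any hit is worth a review of that account rather than a tuning exercise. The scanner only sees query strings, so requests whose parameters travel in a POST body need the body logged (or a WAF with the same pattern) to be covered, and the alert's user field is the account to suspend while the AES key and weblogic credentials are rotated.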

Related Identifiers

CVE-2013-3770

Affected Products

Oracle WebCenter Content
Oracle WebLogic