Hugo Santiago Dos Santos

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Sites Support Tools versions prior to 4.4.2 **Description** The issue exists due to insufficient input validation in the User Interface component of Oracle WebCenter Sites Support Tools, part of the Oracle Fusion Middleware platform. This allows a remote attacker to gain unauthorized access to read, modify, or add data, or cause a denial of service via the HTTP protocol. Successful attacks can result in unauthorized access to critical data, complete access to all accessible data, unauthorized update, insert, or delete access to some accessible data, and the ability to cause a partial denial of service. **Recommendations** For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the User Interface component until a patch is available. Avoid using the HTTP protocol to access Oracle WebCenter Sites Support Tools until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Sites versions 12.2.1.3.0 through 12.2.1.4.0 **Description** The issue is related to the Advanced User Interface component of Oracle WebCenter Sites, where the structure of web pages is not properly protected. This can be exploited by a remote attacker to gain unauthorized access to modify, add, or delete data, or to access protected information using the HTTP protocol. The attack requires some interaction from a person other than the attacker and can have significant impacts on additional products. Successful exploitation can result in unauthorized access to update, insert, or delete some data, as well as unauthorized read access to a subset of the data. **Recommendations** For versions 12.2.1.3.0 and 12.2.1.4.0, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.