CVE-2013-3827

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.

Published: Oct 16, 2013
Updated: May 9, 2024
CVE: CVE-2013-3827
GHSA: GHSA-q388-j7cw-ff7w
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
oracle / fusion_middleware	3.1.2	3.1.2.x
oracle / fusion_middleware	12.1.1	12.1.1.x
oracle / fusion_middleware	3.0.1	3.0.1.x
oracle / fusion_middleware	10.3.6	10.3.6.x
oracle / fusion_middleware	2.1.1	2.1.1.x
oracle / fusion_middleware	11.1.2.3.0	11.1.2.3.0.x
oracle / fusion_middleware	12.1.2.0.0	12.1.2.0.0.x
oracle / fusion_middleware	11.1.2.4.0	11.1.2.4.0.x
org.glassfish / javax.faces	2.0.0	2.1.19

Vulnerability Database

289,697

CVE-2013-3827