CVE-2019-2578

EPSS 79.17% · P99 Updated Feb 23, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-2578

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. While the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Oracle Fusion Middleware WebCenter Sites 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Oracle Fusion Middleware（Oracle融合中间件）是美国甲骨文（Oracle）公司的一套面向企业和云环境的业务创新平台。该平台提供了中间件、软件集合等功能。WebCenter Sites是其中的一个Web体验管理组件，它可让营销人员和业务用户在全球范围内跨多个渠道创建和管理互动式社交在线体验，以提升销量和客户忠诚度。 Oracle Fusion Middleware中的WebCenter Sites组件12.2.1.3.0版本的Advanced UI子组件存在安全漏洞。攻击者可利用

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Oracle Corporation	WebCenter Sites	12.2.1.3.0	-

II. Public POCs for CVE-2019-2578

#	POC Description	Source Link	Shenlong Link
1	Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-2578.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-2578

请登录查看更多情报信息。

Same Patch Batch · Oracle Corporation · 2019-04-23 · 159 CVEs total

CVE-2019-2664		Oracle E-Business Suite Marketing组件访问控制错误漏洞
CVE-2019-2655		Oracle E-Business Suite Interaction Center Intelligence组件访问控制错误漏洞
CVE-2019-2656		Oracle Virtualization VM VirtualBox组件输入验证错误漏洞
CVE-2019-2657		Oracle Virtualization VM VirtualBox组件输入验证错误漏洞
CVE-2019-2658		Oracle Fusion Middleware WebLogic Server组件访问控制错误漏洞
CVE-2019-2659		Oracle Commerce Platform组件访问控制错误漏洞
CVE-2019-2660		Oracle E-Business Suite Knowledge Management组件访问控制错误漏洞
CVE-2019-2661		Oracle E-Business Suite Email Center组件访问控制错误漏洞
CVE-2019-2662		Oracle E-Business Suite Territory Management组件访问控制错误漏洞
CVE-2019-2663		Oracle E-Business Suite Advanced Outbound Telephony组件访问控制错误漏洞
CVE-2019-2673		Oracle E-Business Suite Marketing组件访问控制错误漏洞
CVE-2019-2677		Oracle E-Business Suite Marketing组件访问控制错误漏洞
CVE-2019-2676		Oracle E-Business Suite CRM Technical Foundation组件访问控制错误漏洞
CVE-2019-2675		Oracle E-Business Suite CRM Technical Foundation组件访问控制错误漏洞
CVE-2019-2674		Oracle E-Business Suite One-to-One Fulfillment组件访问控制错误漏洞
CVE-2019-2670		Oracle E-Business Suite Marketing组件访问控制错误漏洞
CVE-2019-2665		Oracle E-Business Suite Common Applications组件访问控制错误漏洞
CVE-2019-2669		Oracle E-Business Suite CRM Technical Foundation组件访问控制错误漏洞
CVE-2019-2654		Oracle E-Business Suite One-to-One Fulfillment组件访问控制错误漏洞
CVE-2019-2671		Oracle E-Business Suite CRM Technical Foundation组件访问控制错误漏洞

Showing top 20 of 159 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: WebCenter Sites

Same vendor: Oracle Corporation

V. Comments for CVE-2019-2578

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-2578

I. Basic Information for CVE-2019-2578

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2019-2578

III. Intelligence Information for CVE-2019-2578

Same Patch Batch · Oracle Corporation · 2019-04-23 · 159 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-2578

Leave a comment