Lucene search

MitreCVE-2018-19439

HistoryDec 13, 2018 - 7:29 p.m.

CVE-2018-19439

2018-12-1319:29:00

CWE-79

mitre

web.nvd.nist.gov

cve-2018-19439

xss

oracle secure global desktop

nvd

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

67.9%

JSON

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

Affected configurations

Nvd

Node

oraclesecure_global_desktopMatch4.4

VendorProductVersionCPE
oraclesecure_global_desktop4.4cpe:2.3:a:oracle:secure_global_desktop:4.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	secure_global_desktop	4.4	cpe:2.3:a:oracle:secure_global_desktop:4.4:::::::*

References

packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2018/Nov/58

www.securityfocus.com/bid/106006

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

67.9%

JSON

Related for CVE-2018-19439