Lucene search

K
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_WEBCENTER_PORTAL_CPU_OCT_2019.NBIN
HistoryOct 17, 2019 - 12:00 a.m.

Oracle WebCenter Portal Arbitrary File Read (Oct 2019 CPU)

2019-10-1700:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the October 2019 Critical Patch Update (CPU). It is, therefore, affected by an arbitrary file read vulnerability in the FasterXML jackson-databind subcomponent. This is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An unauthenticated, remote attacker can exploit this, via sending a crafted JSON message, to read arbitrary files and disclose sensitive information.

Binary data oracle_webcenter_portal_cpu_oct_2019.nbin
VendorProductVersion
oraclefusion_middleware