Lucene search
K
OracleWebcenter Interaction

8 matches found

CVE
CVE
added 2018/09/18 2:0 a.m.42 views

CVE-2018-16957

Oracle WebCenter Interaction 10.3.3 search service’s queryd.exe is built with a hardcoded password (i1g2s3c4) used for authentication, and customers cannot customize this credential. A remote attacker could issue search queries over the network to exfiltrate large amounts of sensitive information...

10CVSS8.9AI score0.03444EPSS
CVE
CVE
added 2018/09/18 2:0 a.m.42 views

CVE-2018-16958

Oracle WebCenter Interaction Portal 10.3.3 is affected. ASP.NET_SessionID cookie used with IIS/ASP.NET is not protected by HttpOnly, and customers cannot enable the attribute. This exposes the cookie to session hijacking if JavaScript runs in the portal origin. No explicit fix/mitigation is provi...

5.8CVSS5.2AI score0.00896EPSS
CVE
CVE
added 2018/09/18 2:0 a.m.40 views

CVE-2018-16956

CVE-2018-16956 affects Oracle WebCenter Interaction Portal 10.3.3, specifically the AjaxControl component. The vulnerability arises because page rename requests do not validate the target page name, allowing characters unsupported by the web server (e.g., 0x7f) to be used. This can render renamed...

6.5CVSS6.2AI score0.01245EPSS
CVE
CVE
added 2018/09/18 2:0 a.m.39 views

CVE-2018-16953

The CVE-2018-16953 entry affects Oracle WebCenter Interaction Portal 10.3.3. Specifically, the AjaxView::DisplayResponse() function in portalpages.dll reflects unsanitized user input from the name parameter in the server response, enabling reflected cross-site scripting (XSS). The vulnerability i...

6.1CVSS5.7AI score0.00823EPSS
CVE
CVE
added 2018/09/18 2:0 a.m.39 views

CVE-2018-16954

Summary: CVE-2018-16954 affects Oracle WebCenter Interaction Portal 10.3.3. The login function does not validate the in_hi_redirect parameter, enabling an open redirect after successful login. This is due to insecure redirection in the login flow. The vulnerability’s exploitation details, affecte...

6.1CVSS5.8AI score0.01071EPSS
CVE
CVE
added 2018/09/18 2:0 a.m.39 views

CVE-2018-16955

CVE-2018-16955 concerns Oracle WebCenter Interaction Portal 10.3.3. The vulnerability is a reflected cross-site scripting (XSS) in the login function: the content of the in_hi_redirect parameter, when prefixed with https://, is unsafely reflected into an HTML META tag in the HTTP response. This i...

6.1CVSS5.8AI score0.00823EPSS
CVE
CVE
added 2018/09/18 2:0 a.m.37 views

CVE-2018-16959

An observed vulnerability in Oracle WebCenter Interaction Portal 10.3.3 arises from an insecure default User Profile configuration in the portal component. This allows anonymous users to retrieve the account names of portal users via /portal/server.pt/user/user/ requests. When WebCenter Interacti...

5.3CVSS4.8AI score0.0124EPSS
CVE
CVE
added 2018/09/18 2:0 a.m.36 views

CVE-2018-16952

The CVE describes a CSRF design flaw in Oracle WebCenter Interaction Portal 10.3.3, where protection against CSRF is not implemented. This allows potential unauthorized actions in the portal, such as changing a user’s password. The issue is documented across multiple feeds (NVD, CVE listing, CNVD...

8.8CVSS8.4AI score0.00666EPSS