PT-2018-13793 · Oracle · Oracle Webcenter Interaction Portal
Ben N · Published 2018-09-18 · Updated 2018-12-13 · CVE-2018-16954
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Oracle WebCenter Interaction Portal version 10.3.3
Description
The login function of the portal is vulnerable to insecure redirection, also known as an open redirect. The in_hi_redirect parameter is not validated by the application after a successful login.
Recommendations
For Oracle WebCenter Interaction Portal version 10.3.3, as a temporary workaround, consider validating the in_hi_redirect parameter after a successful login to prevent insecure redirection. However, since Oracle WebCenter Interaction Portal is out of support, at the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Webcenter Interaction Portal
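
One way to implement the validation that the Recommendations section calls for, shown as an added example that is not Oracle's code or part of the original advisory. The function name safe_redirect_target, the ALLOWED_HOSTS set, the FALLBACK path and the host portal.example.com are assumptions made for illustration; the check would run on the decoded in_hi_redirect value before the post-login redirect is issued.

```python
from urllib.parse import urlsplit

# Assumptions (constructed values): hostnames the portal may redirect to,
# and the page used when the supplied target is rejected.
ALLOWED_HOSTS = {"portal.example.com"}
FALLBACK = "/"


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return value if it is a safe post-login target, else fallback.

    value is the decoded in_hi_redirect parameter exactly as the
    application would place it in the Location header.
    """
    if not value:
        return fallback
    # Browsers treat "\" like "/" and drop tabs/newlines, so reject them
    # together with spaces and other control characters before parsing.
    if "\\" in value or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in value):
        return fallback
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal in the authority
        return fallback
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: exact host match only, no userinfo.
        if parts.scheme not in ("http", "https") or "@" in parts.netloc:
            return fallback
        return value if host in allowed_hosts else fallback
    # Relative target: must be a single-slash local path. "//host" and
    # "///host" resolve to another origin in browsers.
    if value.startswith("/") and not value.startswith("//"):
        return value
    return fallback
```

Rejected values fall back to a fixed local page rather than producing an error, so a tampered login link still completes the login but stays on the portal.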