CVE-2018-16957

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Interaction version 10.3.3

Description The Oracle WebCenter Interaction search service queryd.exe binary contains a hardcoded password i1g2s3c4. This password is used for authentication to the search service and cannot be customized. An adversary with network access to the service could exploit this to perform search queries and extract large quantities of sensitive information.

Recommendations For Oracle WebCenter Interaction version 10.3.3, consider restricting access to the search service to minimize the risk of exploitation, as the hardcoded password cannot be changed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.