PT-2018-13793 · Oracle · Oracle Webcenter Interaction Portal
Ben N · Published 2018-09-18 · Updated 2018-12-13 · CVE-2018-16954
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle WebCenter Interaction Portal version 10.3.3
Description
The login function of the portal is vulnerable to insecure redirection, also known as an open redirect. The in_hi_redirect parameter is not validated by the application after a successful login.
Recommendations
For Oracle WebCenter Interaction Portal version 10.3.3, as a temporary workaround, consider validating the in_hi_redirect parameter after a successful login to prevent insecure redirection. However, since Oracle WebCenter Interaction Portal is out of support, there is currently no information about a newer version that contains a fix for this issue.
Exploit
Fix
Open Redirect
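One way to implement the recommended validation of in_hi_redirect, for instance in a filter or reverse proxy placed in front of the portal. This is an added example, not code from Oracle or from the advisory; the host name portal.example.com, the default target "/" and the function name are assumptions.

```python
from urllib.parse import urlsplit

# Assumed values for this example (not taken from the advisory).
ALLOWED_HOSTS = {"portal.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return value if it keeps the user on the portal, else the default page."""
    if not value or len(value) > 2048:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines; reject rather than guess.
    if "\\" in value or any(ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return default
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: exactly one leading slash, never the "//host" form.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default
    if parts.scheme in ("http", "https") and host in allowed_hosts:
        # Refuse userinfo ("user@host") so the host shown is the host used.
        if parts.username is None and parts.password is None:
            return value
    return default


if __name__ == "__main__":
    # Constructed sample values for the in_hi_redirect parameter.
    samples = [
        "/dashboard?tab=1",
        "https://portal.example.com/home",
        "https://other.example.net/",
        "//other.example.net/",
        "https://portal.example.com@other.example.net/",
    ]
    for s in samples:
        print(f"{s!r:55} -> {safe_redirect_target(s)!r}")
```

The check runs after authentication succeeds and before the Location header is written; anything that fails it is replaced by the default page instead of being passed through.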
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Webcenter Interaction Portal