CVE-2020-28390

Name of the Vulnerable Software and Affected Versions: Opcenter Execution Core versions 8.2 through 8.3

Description: The issue is related to an information leakage vulnerability in the handling of web client sessions. This could allow a local attacker with access to the Web Client Session Storage to disclose the passwords of currently logged-in users.

Recommendations: For Opcenter Execution Core versions 8.2 and 8.3, consider restricting access to the Web Client Session Storage to minimize the risk of exploitation. As a temporary workaround, limit the privileges of local attackers to prevent them from accessing sensitive session data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.