Vulnerabilities > Oracle > Webcenter Interaction
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-18 | CVE-2018-16959 | Information Exposure vulnerability in Oracle Webcenter Interaction 10.3.3 An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. | 5.0 |
2018-09-18 | CVE-2018-16958 | Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Webcenter Interaction 10.3.3 An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. | 5.8 |
2018-09-18 | CVE-2018-16957 | Use of Hard-coded Credentials vulnerability in Oracle Webcenter Interaction 10.3.3 The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. | 10.0 |
2018-09-18 | CVE-2018-16956 | Improper Input Validation vulnerability in Oracle Webcenter Interaction 10.3.3 The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. | 4.0 |
2018-09-18 | CVE-2018-16955 | Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3 The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). | 4.3 |
2018-09-18 | CVE-2018-16954 | Open Redirect vulnerability in Oracle Webcenter Interaction 10.3.3 An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. | 5.8 |
2018-09-18 | CVE-2018-16953 | Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3 The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). | 4.3 |
2018-09-18 | CVE-2018-16952 | Cross-Site Request Forgery (CSRF) vulnerability in Oracle Webcenter Interaction 10.3.3 The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. | 6.8 |