Vulnerabilities > Oracle > Webcenter Interaction

DATE CVE VULNERABILITY TITLE RISK
2018-09-18 CVE-2018-16959 Information Exposure vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
low complexity
oracle CWE-200
5.0
5.0
2018-09-18 CVE-2018-16958 Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
oracle CWE-732
5.8
5.8
2018-09-18 CVE-2018-16957 Use of Hard-coded Credentials vulnerability in Oracle Webcenter Interaction 10.3.3
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password.
network
low complexity
oracle CWE-798
critical
 10.0
10
2018-09-18 CVE-2018-16956 Improper Input Validation vulnerability in Oracle Webcenter Interaction 10.3.3
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests.
network
low complexity
oracle CWE-20
4.0
4.0
2018-09-18 CVE-2018-16955 Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS).
network
oracle CWE-79
4.3
4.3
2018-09-18 CVE-2018-16954 Open Redirect vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
oracle CWE-601
5.8
5.8
2018-09-18 CVE-2018-16953 Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3
The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS).
network
oracle CWE-79
4.3
4.3
2018-09-18 CVE-2018-16952 Cross-Site Request Forgery (CSRF) vulnerability in Oracle Webcenter Interaction 10.3.3
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design.
network
oracle CWE-352
6.8
6.8