Skip to main content

Webcenter Interaction

8 CVEs product

Monthly

CVE-2018-16959 MEDIUM This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Webcenter Interaction
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-16958 MEDIUM This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Webcenter Interaction
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-16957 CRITICAL Act Now

The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Webcenter Interaction
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-16956 MEDIUM This Month

The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Webcenter Interaction
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-16955 MEDIUM This Month

The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Webcenter Interaction
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16954 MEDIUM POC This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Open Redirect Webcenter Interaction
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-16953 MEDIUM This Month

The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Webcenter Interaction
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16952 HIGH This Week

The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle CSRF Webcenter Interaction
NVD
CVSS 3.0
8.8
EPSS
0.7%
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Webcenter Interaction
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Webcenter Interaction
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Webcenter Interaction
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Webcenter Interaction
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Webcenter Interaction
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Open Redirect Webcenter Interaction
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Webcenter Interaction
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle CSRF Webcenter Interaction
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy