Vulnerability Details : CVE-2018-16954
Potential exploit
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
Vulnerability category: Open redirect
Products affected by CVE-2018-16954
- cpe:2.3:a:oracle:webcenter_interaction:10.3.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16954
- 0.16%: Probability of exploitation activity in the next 30 days
- ~ 33%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-16954
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2018-16954
- The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-16954
- http://www.securityfocus.com/bid/105350
  Oracle WebCenter Interaction Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- https://seclists.org/fulldisclosure/2018/Sep/22
  Full Disclosure: Multiple Vulnerabilities in Oracle WebCenter Interaction 10.3.3 (Exploit; Mailing List; Patch; Third Party Advisory)