Cross-site Request Forgery Vulnerability in Oracle WebCenter Interaction Portal
CVE-2018-16952
8.8 HIGH
Summary
Oracle WebCenter Interaction Portal version 10.3.3 lacks adequate protection against Cross-site Request Forgery (CSRF) attacks, so sensitive actions can be performed in a legitimate user's session without that user's consent. This vulnerability could enable malicious actors to change user passwords or execute other critical operations on behalf of legitimate users. Notably, this vulnerability is acknowledged by MITRE but has not been validated by Oracle, as the product is no longer supported.
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved