Insecure Redirection Vulnerability in Oracle WebCenter Interaction Portal
CVE-2018-16954

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Webcenter Interaction
Vendor: CVE Published:; 18 September 2018

What is CVE-2018-16954?

A vulnerability has been identified in Oracle WebCenter Interaction Portal 10.3.3 whereby the login function is susceptible to insecure redirection. This occurs because the application fails to validate the 'in_hi_redirect' parameter after a user successfully logs in. This oversight allows attackers to manipulate redirection effectively, potentially leading users to malicious sites without their consent or awareness. It is important to note that Oracle has not validated this CVE due to the product being out of support.

References

https://seclists.org/fulldisclosure/2018/Sep/22

x_refsource_MISC

http://www.securityfocus.com/bid/105350

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2018
Vulnerability Reserved
Sep 12, 2018