CVE-2018-19439

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Secure Global Desktop
Vendor
CVE Published:
13 December 2018

Summary

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

References

http://packetstormsecurity.com/files/150444/Oracle-Secure...
x_refsource_MISC
http://www.securityfocus.com/bid/106006
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2018/Nov/58
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.