Cross-Site Scripting Vulnerability in Oracle Secure Global Desktop Administration Console
CVE-2018-19439

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 13 December 2018

Summary

A reflected cross-site scripting (XSS) vulnerability in the Administration Console of Oracle Secure Global Desktop can be exploited through various parameters of the helpwindow.jsp file. Specifically, the windowTitle parameter can be manipulated, potentially leading to unauthorized access to sensitive data and user sessions. The issue was identified in version 4.4 (build 20080807152602) and has been addressed in later versions.

EPSS Score

62% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
