CVE-2018-19439

Опубликовано: 13 дек. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.

Ссылки

http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/58
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/106006
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/58
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/106006
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:secure_global_desktop:4.4:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.38875

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j5mj-gj9w-rjq6

CVSS3: 6.1

github

больше 3 лет назад

BDU:2019-02399

CVSS3: 6.1

fstec

около 7 лет назад

Уязвимость консоли администрирования программного средства Oracle Secure Global Desktop, позволяющая выполнить произвольный код в браузере пользователя или получить доступ к конфиденциальной информации

EPSS

Процентиль: 97%

0.38875

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79