Articles with tag: Privacy Violation
POSTED BY:
Dimitrios Glynos
/
12.05.2014
Oracle WebCenter information exposure vulnerability
| CENSUS ID: | CENSUS-2014-0001 |
| CVE ID: | CVE-2014-0450 |
| Oracle Tracking #: | S0388414 (CPUApr2014) |
| Affected Products: | Oracle Fusion Middleware (versions 11.1.1.7 and 11.1.1.8) |
| Class: | Information Exposure (CWE-200), Privacy Violation (CWE-359) |
| Remote: | Yes |
| Discovered by: | Alex Zaharis |
| Researched by: | Alex Zaharis, Patroklos Argyroudis |
The Oracle WebCenter portal component in Oracle Fusion Middleware (versions 11.1.1.7 and 11.1.1.8) is vulnerable to an information exposure vulnerability. A malicious user may utilize this vulnerability to gain unauthenticated access to the list of valid usernames of the system, the users’ personal information and files linked to the users’ profiles.