Articles with tag: Webcenter
POSTED BY:
Dimitrios Glynos
/
12.05.2014
Oracle WebCenter information exposure vulnerability
CENSUS ID: | CENSUS-2014-0001 |
CVE ID: | CVE-2014-0450 |
Oracle Tracking #: | S0388414 (CPUApr2014) |
Affected Products: | Oracle Fusion Middleware (versions 11.1.1.7 and 11.1.1.8) |
Class: | Information Exposure (CWE-200), Privacy Violation (CWE-359) |
Remote: | Yes |
Discovered by: | Alex Zaharis |
Researched by: | Alex Zaharis, Patroklos Argyroudis |
The Oracle WebCenter portal component in Oracle Fusion Middleware (versions 11.1.1.7 and 11.1.1.8) is vulnerable to an information exposure vulnerability. A malicious user may utilize this vulnerability to gain unauthenticated access to the list of valid usernames of the system, the users’ personal information and files linked to the users’ profiles.