Articles with tag: Webcenter
POSTED BY: Dimitrios Glynos / 12.05.2014

Oracle WebCenter information exposure vulnerability

CVE ID:CVE-2014-0450
Oracle Tracking #:S0388414 (CPUApr2014)
Affected Products:Oracle Fusion Middleware (versions and
Class:Information Exposure (CWE-200), Privacy Violation (CWE-359)
Discovered by:Alex Zaharis
Researched by:Alex Zaharis, Patroklos Argyroudis

The Oracle WebCenter portal component in Oracle Fusion Middleware (versions and is vulnerable to an information exposure vulnerability. A malicious user may utilize this vulnerability to gain unauthenticated access to the list of valid usernames of the system, the users’ personal information and files linked to the users’ profiles.