SB2019011582 - Multiple vulnerabilities in Oracle WebCenter Portal 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019011582

SB2019011582 - Multiple vulnerabilities in Oracle WebCenter Portal

Published: January 15, 2019

Security Bulletin ID SB2019011582
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2019-2427)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the WebCenter Spaces Application component in Oracle WebCenter Portal. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


2) Improper input validation (CVE-ID: CVE-2018-1000180)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the IDIH Visualization (Bouncy Castle Java Library) component in Oracle Communications Diameter Signaling Router (DSR). A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


3) Remote code execution (CVE-ID: CVE-2018-14718)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the failure to block the slf4j-ext class from polymorphic deserialization. A remote attacker can execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References