Oracle Webcenter Interaction — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Webcenter Interaction, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-16957 — CVSS 9.8 (critical): The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication…
CVE-2018-16952 — CVSS 8.8 (high): The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact…
CVE-2018-16956 — CVSS 6.5 (medium): The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename…
CVE-2018-16955 — CVSS 6.1 (medium): The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the…
CVE-2018-16954 — CVSS 6.1 (medium): An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure…
CVE-2018-16953 — CVSS 6.1 (medium): The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to…
CVE-2018-16958 — CVSS 5.4 (medium): An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet…
CVE-2018-16959 — CVSS 5.3 (medium): An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User…