← Back

CVE-2018-16957

nvd nist
Published: Sep 18, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.

Affected (1)

Oracle
1 product
Webcenter Interaction
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Webcenter Interaction
Version 10.3.3

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.