CVE-2018-16958 is a vulnerability in Oracle Webcenter Interaction

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.

Products Associated with CVE-2018-16958

Want to know whenever a new CVE is published for Oracle Webcenter Interaction? stack.watch will email you.

Exploit Probability

EPSS

0.21%

Percentile

43.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-16958 is a vulnerability in Oracle Webcenter InteractionPublished on September 18, 2018

Products Associated with CVE-2018-16958

Exploit Probability

CVE-2018-16958 is a vulnerability in Oracle Webcenter Interaction
Published on September 18, 2018