Vulnerability Description
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Secure Global Desktop | 4.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-AdminisExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Nov/58ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/106006Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-AdminisExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Nov/58ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/106006Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-19439?
CVE-2018-19439 is a vulnerability with a CVSS score of 6.1 (MEDIUM). XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as dem...
How severe is CVE-2018-19439?
CVE-2018-19439 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-19439?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Secure Global Desktop.