Due to insecure session management, an attacker can hijack a user session and perform any action on behalf of the victim.

Risk of escalated privileges (ROP) in Oracle Applications Framework. ROP can be exploited by a low-privileged attacker with network access via SSH or HTTP to gain elevated privileges. CVSS 3.1 Base Score 7 (Privilege escalation). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Oracle Secure Global Desktop (SGD) is software that allows users to access corporate resources from a remote location, such as home or a mobile device. The SGD client software is vulnerable to a session hijacking attack. A remote attacker can exploit this vulnerability by issuing a request to the server which is vulnerable to session hijacking and causing the client to use malicious code. CVSS 3.1 Base Score 7.4 (Confidentiality High). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).

CVE-2016-2711 Risk of elevated privileges (ROP) in Oracle Secure Global Desktop (SGD). ROP can be exploited by a low-privileged attacker with network access via HTTP or SSH to gain elevated privileges. CV

Oracle WebLogic Server Risk

A vulnerability in the Java and Oracle WebLogic Server components of Oracle Application Server could lead to a security breach. CVSS 3.1 Base Score 6.6 (Remote Code Execution). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

Oracle Secure Global Desktop (SGD) is software that allows users to access corporate resources from a remote location, such as home or a mobile device. The SGD client software is vulnerable to session hijacking attacks. A remote attacker can exploit this vulnerability by issuing a request to the server which is vulnerable to session hijacking and causing the client to use malicious code. CVSS 3.1 Base Score 7.4 (Confidentiality High). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).

Oracle Secure Global Desktop (SGD) Overview

Oracle Secure Global Desktop (SGD) is software that allows users to access corporate resources from a remote location, such as home or a mobile device. The SGD client software is vulnerable to a session hijacking attack. A remote attacker can exploit this vulnerability by issuing a request to the server which is vulnerable to session hijacking and causing the client to use malicious code.
The SGD Client software is vulnerable to ROP through insecure session management.

Oracle HTTP Server – CVE-2016-2712 Risk of denial of service (DoS) in Oracle HTTP Server

A remote attacker with network access via HTTP can exploit this vulnerability to cause a denial of service condition on the target server. CVSS 3.1 Base Score 9 (Denial of Service). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Oracle Information Security Services (OSS) has been updated to mitigate the risk of a "session hijacking" attack.

CVE-2016-2711 Risk of elevated privileges (ROP) in Oracle Secure Global Desktop (SGD). ROP can be exploited by a low-privileged attacker with network access via HTTP or SSH to gain elevated privileges. CVSS 3.1 Base Score 7.4 (Confidentiality High). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/20/2022 05:40:00 UTC
