CVE-2018-19439: XSS
First published: Thu Dec 13 2018(Updated: )
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Secure Global Desktop | =4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-19439?
CVE-2018-19439 is a vulnerability in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4).
What is the severity of CVE-2018-19439?
The severity of CVE-2018-19439 is medium with a severity value of 6.1.
How does CVE-2018-19439 affect Oracle Secure Global Desktop?
CVE-2018-19439 affects Oracle Secure Global Desktop version 4.4.
What is the impact of CVE-2018-19439?
The impact of CVE-2018-19439 is the possibility of reflected cross-site scripting (XSS) attacks via all parameters in the helpwindow.jsp page.
How do I fix CVE-2018-19439?
To fix CVE-2018-19439, upgrade Oracle Secure Global Desktop to a version later than 5.4.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- agent/source
- vendor/oracle
- canonical/oracle secure global desktop
- version/oracle secure global desktop/4.4