Back to search
CVE-2020-9314
Published: May 10, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.oracle.com/support/lifetime-support/
x_refsource_MISC
20200512 Two vulnerabilities in Oracle's iPlanet Web Server (CVE-2020-9315 and CVE-2020-9314)
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now