CVE-2012-0518

CVSS 4.7 MEDIUM · EPSS 4.7% · KEV · CWE-601

In short

Oracle Application Server Single Sign-On has a flaw that allows attackers to redirect users to malicious websites, potentially tricking them into divulging sensitive information. This happens because the application doesn't properly validate where it sends users after login.

Technical detail

A CWE-601 open redirect vulnerability in the Single Sign-On component of Oracle Fusion Middleware 10.1.4.3.0 allows unauthenticated remote attackers to manipulate redirect destinations during authentication flows through unvalidated URL parameters. This compromises user trust and enables phishing attacks or credential harvesting.

Summary generated and translated by AI from the official description.
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Affected products
n/a · n/a
