Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection

Two bugs in Oracle's iPlanet Web Server, CVE-2020-9315 and CVE-2020-9314, have been disclosed. If exploited, they could allow sensitive data exposure and the injection of images onto web pages. Both vulnerabilities are in the web administration console of iPlanet version 7, which has reached end-of-life and therefore will not be patched.

The first bug allows unauthenticated read-only access to any page within the administration console, exposing sensitive configuration information about the server, including encryption keys and Java Virtual Machine configuration. Researchers added that attackers can replace any URL for any page within the administration console by exploiting the bug.

OODA Analyst
