Image Injection Vulnerability in Oracle iPlanet Web Server 7.0.x Administration Console

Image Injection Vulnerability in Oracle iPlanet Web Server 7.0.x Administration Console

CVE-2020-9314 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.

Learn more about our Web App Pen Testing.