CVE-2010-4506

Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.

CVSS v2.0 6.2 MEDIUM

6.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 1.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securityreason.com/securityalert/8065
http://www.securityfocus.com/bid/46452
https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:passlogix_v-go_self-service_password_reset_and_oem:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-02-07 21:00

Updated : 2023-12-10 11:03

NVD link : CVE-2010-4506

Mitre link : CVE-2010-4506

CVE.ORG link : CVE-2010-4506

JSON object : View

Products Affected

oracle

passlogix_v-go_self-service_password_reset_and_oem

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2010-4506", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-02-07T21:00:01.887", "references": [{"url": "http://securityreason.com/securityalert/8065", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/46452", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65439", "source": "cve@mitre.org"}, {"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a \"Save As\" dialog that is reachable from the \"Certificate Export\" wizard."}, {"lang": "es", "value": "Passlogix v-GO (SSPR) y OEM antes de v7.0A permite a atacantes f\u00edsicamente pr\u00f3ximos ejecutar programas arbitrarios sin autenticaci\u00f3n mediante la activaci\u00f3n del de un certificado SSL no v\u00e1lido y el uso de la interfaz de Internet Explorer para navegar por el sistema de ficheros a trav\u00e9s de un cuadro de di\u00e1logo \"Guardar como \" que es accesible desde el asistente de \"Exportaci\u00f3n de certificado\""}], "lastModified": "2017-08-17T01:33:14.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:passlogix_v-go_self-service_password_reset_and_oem:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EDC4DB1-2216-4853-AA28-9198314C4473"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}