CVE-2010-0906 - Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affe

CVE-2010-0906

Summary

Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html 'CVSS Score is 9.0 for Windows based installation. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial.'

References

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Vulnerable Configurations

cpe:2.3:a:oracle:secure_backup:10.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_backup:10.3.0.1:*:*:*:*:*:*:*

CVSS

Base:	9.0 (as of 23-10-2012 - 03:20)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:C/A:C

refmap via4

confirm

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

saint via4

bid 41597
description Oracle Secure Backup Administration property_box.php objectname command injection
osvdb 66340
title oracle_secure_backup_objectname
type remote
bid 41597
description Oracle Secure Backup Administration preauth variable command injection
osvdb 67128
title oracle_secure_backup_preauth
type remote
bid 41597
description Oracle Secure Backup Administration selector parameter command injection
osvdb 67128
title oracle_secure_backup_selector
type remote

Last major update

23-10-2012 - 03:20

Published

13-07-2010 - 22:30

Last modified

23-10-2012 - 03:20