ID CVE-2010-0906
Summary Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html 'CVSS Score is 9.0 for Windows based installation. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial.'
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:secure_backup:10.3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:secure_backup:10.3.0.1:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 23-10-2012 - 03:20)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
saint via4
  • bid 41597
    description Oracle Secure Backup Administration preauth variable command injection
    osvdb 67128
    title oracle_secure_backup_preauth
    type remote
  • bid 41597
    description Oracle Secure Backup Administration selector parameter command injection
    osvdb 67128
    title oracle_secure_backup_selector
    type remote
  • bid 41597
    description Oracle Secure Backup Administration property_box.php objectname command injection
    osvdb 66340
    title oracle_secure_backup_objectname
    type remote
Last major update 23-10-2012 - 03:20
Published 13-07-2010 - 22:30
Last modified 23-10-2012 - 03:20
Back to Top