cvelistv5 - CVE-2010-2734

CVE-2010-2734 (GCVE-0-2010-2734)

Vulnerability from cvelistv5

Published

2010-11-10 01:00

Modified

2024-08-07 02:46

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201011-0014

Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.". This is a non-persistent cross-site scripting vulnerability that allows an attacker to send commands to a UAG server in the target user context. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. Remote attackers can inject arbitrary web scripts or HTML with unknown vectors. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                National Cyber Alert System

          Technical Cyber Security Alert TA10-313A

Microsoft Updates for Multiple Vulnerabilities

Original release date: November 09, 2010 Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Forefront United Access Gateway
 * Microsoft Office

Overview

There are multiple vulnerabilities in Microsoft Office, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities.

I. Microsoft has released updates to address the vulnerabilities.

II.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Microsoft Security Bulletin Summary for November 2010 - http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA10-313A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA10-313A Feedback VU#885756" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2010 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

November 09, 2010: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTNnAcT6pPKYJORa3AQL5sAf+M/weZ9AAw0AHsHEvP6YONTiKyN/cXWr/ qwX6gVDZcU0VTbDRGrLxuCPwAkF/EpWEX0TeYlGmv67az5lQgnKoDZxPYRi8yCHy +DxC0RDcZJssjilanhbk/8UlECeKZDrED/wFbXxvReyUffYXjgbWPh+a5Fe8Mwbq BpmCcmSTqFq53RLwn8c6li7cFtah0zJ88NHACknC5PPjPNCmSsOiYZM3/mEEolIi OIQG3HOpV+XfzCsFGNPT5rm+9xvXIseFibSJcp+OtUBS81sPO63tJiPbsvLDwmbD 1Dgu2MPusnokIVDSB0LLf3IIkpf1vAh6Idkilhf/FfThHa9VCOUcoA== =Xbxy -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.

Join the beta: http://secunia.com/products/corporate/vim/

TITLE: Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA42131

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42131

RELEASE DATE: 2010-11-11

DISCUSS ADVISORY: http://secunia.com/advisories/42131/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/42131/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=42131

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Forefront Unified Access Gateway (UAG), which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.

1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface.

2) Unspecified input is not properly sanitised before being returned to the user.

3) Unspecified input passed to the UAG Mobile Portal website is not properly sanitised before being returned to the user.

4) Unspecified input passed to Signurl.asp is not properly sanitised before being returned to the user.

SOLUTION: Apply patches.

Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: MS10-089 (KB2316074, KB2418933, KB2433584, KB2433585): http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0014",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "forefront unified access gateway",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "microsoft",
        "version": "2010"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2734"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:forefront_unified_access_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "44633"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2010-2734",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-2734",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-45339",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-2734",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-2734",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201011-120",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-45339",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2734"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.\". This is a non-persistent cross-site scripting vulnerability that allows an attacker to send commands to a UAG server in the target user context. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. Remote attackers can inject arbitrary web scripts or HTML with unknown vectors. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Alert System\n\n              Technical Cyber Security Alert TA10-313A\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: November 09, 2010\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Forefront United Access Gateway\n     * Microsoft Office\n\n\nOverview\n\n   There are multiple vulnerabilities in Microsoft Office, and\n   Microsoft Forefront United Access Gateway. Microsoft has released\n   updates to address these vulnerabilities. \n\n\nI. Microsoft has released updates to\n   address the vulnerabilities. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for November 2010. That\n   bulletin describes any known issues related to the updates. \n   Administrators are encouraged to note these issues and test for any\n   potentially adverse effects. In addition, administrators should\n   consider using an automated update distribution system such as\n   Windows Server Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for November 2010 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA10-313A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA10-313A Feedback VU#885756\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2010 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n  November 09, 2010: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTNnAcT6pPKYJORa3AQL5sAf+M/weZ9AAw0AHsHEvP6YONTiKyN/cXWr/\nqwX6gVDZcU0VTbDRGrLxuCPwAkF/EpWEX0TeYlGmv67az5lQgnKoDZxPYRi8yCHy\n+DxC0RDcZJssjilanhbk/8UlECeKZDrED/wFbXxvReyUffYXjgbWPh+a5Fe8Mwbq\nBpmCcmSTqFq53RLwn8c6li7cFtah0zJ88NHACknC5PPjPNCmSsOiYZM3/mEEolIi\nOIQG3HOpV+XfzCsFGNPT5rm+9xvXIseFibSJcp+OtUBS81sPO63tJiPbsvLDwmbD\n1Dgu2MPusnokIVDSB0LLf3IIkpf1vAh6Idkilhf/FfThHa9VCOUcoA==\n=Xbxy\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft Forefront Unified Access Gateway Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA42131\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42131/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42131\n\nRELEASE DATE:\n2010-11-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42131/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42131/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42131\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Forefront Unified\nAccess Gateway (UAG), which can be exploited by malicious people to\nconduct spoofing and cross-site scripting attacks. \n\n1) A weakness in UAG allows redirecting users to an untrusted site\ne.g. spoofing a legitimate UAG Web interface. \n\n2) Unspecified input is not properly sanitised before being returned\nto the user. \n\n3) Unspecified input passed to the UAG Mobile Portal website is not\nproperly sanitised before being returned to the user. \n\n4) Unspecified input passed to Signurl.asp is not properly sanitised\nbefore being returned to the user. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nMS10-089 (KB2316074, KB2418933, KB2433584, KB2433585):\nhttp://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2734"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "db": "BID",
        "id": "44633"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45339"
      },
      {
        "db": "PACKETSTORM",
        "id": "95711"
      },
      {
        "db": "PACKETSTORM",
        "id": "95727"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-2734",
        "trust": 3.4
      },
      {
        "db": "USCERT",
        "id": "TA10-313A",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "42131",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "44633",
        "trust": 1.2
      },
      {
        "db": "USCERT",
        "id": "SA10-313A",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2925",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765",
        "trust": 0.6
      },
      {
        "db": "MS",
        "id": "MS10-089",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-45339",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95711",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95727",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45339"
      },
      {
        "db": "BID",
        "id": "44633"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "db": "PACKETSTORM",
        "id": "95711"
      },
      {
        "db": "PACKETSTORM",
        "id": "95727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2734"
      }
    ]
  },
  "id": "VAR-201011-0014",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45339"
      }
    ],
    "trust": 1.2675676
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      }
    ]
  },
  "last_update_date": "2024-11-23T19:52:06.756000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS10-089",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS10-089.mspx"
      },
      {
        "title": "MS10-089",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms10-089.mspx"
      },
      {
        "title": "MS10-089e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/MS10-089e.mspx"
      },
      {
        "title": "TA10-313A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-313a.html"
      },
      {
        "title": "Patch for Microsoft Forefront Unified Access Gateway Mobile Portal Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/1683"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2734"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-313a.html"
      },
      {
        "trust": 1.4,
        "url": "http://secunia.com/advisories/42131"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12058"
      },
      {
        "trust": 1.0,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2734"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2010/at100030.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta10-313a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2734"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/44633"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa10-313a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/2925"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.6,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-089.mspxhttp"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-313a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42131"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42131/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42131/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45339"
      },
      {
        "db": "BID",
        "id": "44633"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "db": "PACKETSTORM",
        "id": "95711"
      },
      {
        "db": "PACKETSTORM",
        "id": "95727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2734"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45339"
      },
      {
        "db": "BID",
        "id": "44633"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "db": "PACKETSTORM",
        "id": "95711"
      },
      {
        "db": "PACKETSTORM",
        "id": "95727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2734"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "date": "2010-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45339"
      },
      {
        "date": "2010-11-09T00:00:00",
        "db": "BID",
        "id": "44633"
      },
      {
        "date": "2010-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "date": "2010-11-10T05:24:37",
        "db": "PACKETSTORM",
        "id": "95711"
      },
      {
        "date": "2010-11-10T05:23:08",
        "db": "PACKETSTORM",
        "id": "95727"
      },
      {
        "date": "2010-11-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      },
      {
        "date": "2010-11-10T03:00:02.037000",
        "db": "NVD",
        "id": "CVE-2010-2734"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45339"
      },
      {
        "date": "2013-04-19T12:59:00",
        "db": "BID",
        "id": "44633"
      },
      {
        "date": "2010-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      },
      {
        "date": "2010-11-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      },
      {
        "date": "2024-11-21T01:17:16.863000",
        "db": "NVD",
        "id": "CVE-2010-2734"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Forefront Unified Access Gateway Mobile Portal Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-2765"
      },
      {
        "db": "BID",
        "id": "44633"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002453"
      }
    ],
    "trust": 1.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-120"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2010-2734

Vulnerability from fkie_nvd

Published

2010-11-10 03:00

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA10-313A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12058
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA10-313A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12058

Impacted products

Vendor	Product	Version
microsoft	forefront_unified_access_gateway	2010
microsoft	forefront_unified_access_gateway	2010
microsoft	forefront_unified_access_gateway	2010

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "C17E843B-C2FE-433B-B37A-615494AAB211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update1:*:*:*:*:*:*",
              "matchCriteriaId": "8D9218D0-D3C5-400A-A8C4-C25160B746B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update2:*:*:*:*:*:*",
              "matchCriteriaId": "C8B9D477-AC0F-4271-ACEF-325C31E8BE40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el el portal m\u00f3vil de Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, y 2010 Update 2 permite a los atacantes remotos inyectar c\u00f3digo web o HTML a su elecci\u00f3n a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como \"XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability\"."
    }
  ],
  "id": "CVE-2010-2734",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-10T03:00:02.037",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12058"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-mw2f-f9cv-429m

Vulnerability from github

Published

2022-05-14 02:36

Modified

2022-05-14 02:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-11-10T03:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.\"",
  "id": "GHSA-mw2f-f9cv-429m",
  "modified": "2022-05-14T02:36:42Z",
  "published": "2022-05-14T02:36:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2734"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12058"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2010-AVI-545

Vulnerability from certfr_avis

Plusieurs vulnérabilités corrigées dans Microsoft Forefront Unified Access Gateway 2010 permettent à un utilisateur malveillant d'élever ses privilèges ou de contourner la politique de sécurité.

Description

Plusieurs vulnérabilités ont été corrigées dans Microsoft Forefront Unified Access Gateway 2010 :

Une vulnérabilité permet à un utilisateur malintentionné, par le biais d'un lien spécialement conçu, de rediriger le trafic du serveur Web vers un site malveillant (CVE-2010-2732) ;
plusieurs vulnérabilités permettent à un utilisateur malintentionné, par le biais d'un lien spécialement conçu, d'exécuter certaines commandes sur le serveur (CVE-2010-2733, CVE-2010-2734 et CVE-2010-3936).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Update 1 ;
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Update 2.
Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 ;

References

Title

Publication Time

gsd-2010-2734

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-2734

Aliases

CVE-2010-2734

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2734",
    "description": "Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.\"",
    "id": "GSD-2010-2734"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2734"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.\"",
      "id": "GSD-2010-2734",
      "modified": "2023-12-13T01:21:31.123113Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2010-2734",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:12058",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12058"
          },
          {
            "name": "MS10-089",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"
          },
          {
            "name": "TA10-313A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-2734"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA10-313A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12058",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12058"
            },
            {
              "name": "MS10-089",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:58Z",
      "publishedDate": "2010-11-10T03:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-2734 (GCVE-0-2010-2734)

Vulnerability from cvelistv5

var-201011-0014

Vulnerability from variot

fkie_cve-2010-2734

Vulnerability from fkie_nvd

ghsa-mw2f-f9cv-429m

Vulnerability from github

CERTA-2010-AVI-545

Vulnerability from certfr_avis

Description

Solution

gsd-2010-2734

Vulnerability from gsd

Tags

Sightings

Nomenclature