CVE-2010-3905

{"id": "CVE-2010-3905", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2010-12-22T21:00:15.957", "references": [{"url": "http://open.eucalyptus.com/wiki/esa-01", "source": "security@ubuntu.com"}, {"url": "http://secunia.com/advisories/42632", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "http://secunia.com/advisories/42666", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "http://www.securityfocus.com/bid/45462", "source": "security@ubuntu.com"}, {"url": "http://www.ubuntu.com/usn/USN-1033-1", "source": "security@ubuntu.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3259", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3260", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64167", "source": "security@ubuntu.com"}, {"url": "http://open.eucalyptus.com/wiki/esa-01", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/42632", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/42666", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/45462", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1033-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/3259", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/3260", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64167", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users."}, {"lang": "es", "value": "La caracter\u00edstica de borrado de password en la interfaz de administrador para Eucalyptus v2.0.0 y v2.0.1 no realiza la autenticaci\u00f3n, lo que permite a atacantes remotos obtener privilegios por env\u00edo de peticiones de borrado de password para otros usuarios. \r\n\r\n\r\n"}], "lastModified": "2024-11-21T01:19:52.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8974798-2246-4C12-A0A2-ADDB10563E58"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C98920E-5369-4690-885A-BEE737F029C3"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}