CVE-2010-4449

Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/70583
http://secunia.com/advisories/42919	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
http://www.securityfocus.com/bid/45844
http://www.securitytracker.com/id?1024973
http://www.vupen.com/english/advisories/2011/0141	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-017/
https://exchange.xforce.ibmcloud.com/vulnerabilities/64762

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:audit_vault:10.2.3.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-01-19 17:00

Updated : 2024-02-28 11:41

NVD link : CVE-2010-4449

Mitre link : CVE-2010-4449

CVE.ORG link : CVE-2010-4449

JSON object : View

Products Affected

oracle

audit_vault

CWE

NVD-CWE-noinfo

{"id": "CVE-2010-4449", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-01-19T17:00:02.593", "references": [{"url": "http://osvdb.org/70583", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/42919", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/45844", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id?1024973", "source": "secalert_us@oracle.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0141", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-017/", "source": "secalert_us@oracle.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64762", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el componente Audit Vault en Audit Vault de Oracle versi\u00f3n 10.2.3.2, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de enero de 2011. Oracle no ha comentado las afirmaciones de un coordinador de terceros confiable de que este problema est\u00e1 relacionado con un par\u00e1metro especialmente dise\u00f1ado en una petici\u00f3n a la funci\u00f3n action.execute al componente av en el puerto TCP 5700."}], "lastModified": "2017-08-17T01:33:12.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:audit_vault:10.2.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "026D5D31-2821-45DE-887B-A937CDD7258E"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}