Vulnerability Description
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of multiple unspecified functions through XML-RPC that allow execution of arbitrary OS commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Vm | 2.2.1 |
References
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/514613/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlUS Government Resource
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/514613/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlUS Government Resource
FAQ
What is CVE-2010-3583?
CVE-2010-3583 is a vulnerability with a CVSS score of 9.0 (HIGH). Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent...
How severe is CVE-2010-3583?
CVE-2010-3583 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3583?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Vm.