Vulnerability Description
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Vm | 2.2.1 |
References
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/514611/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlUS Government Resource
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/514611/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlUS Government Resource
FAQ
What is CVE-2010-3585?
CVE-2010-3585 is a vulnerability with a CVSS score of 9.0 (HIGH). Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent...
How severe is CVE-2010-3585?
CVE-2010-3585 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3585?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Vm.