Vulnerability Description
Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Enterprise Manager Grid Control | 6.0 |
References
- http://secunia.com/advisories/42973Vendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlVendor Advisory
- http://www.securityfocus.com/bid/45874
- http://www.securitytracker.com/id?1024979
- http://www.vupen.com/english/advisories/2011/0140Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-11-016/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64779
- http://secunia.com/advisories/42973Vendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlVendor Advisory
- http://www.securityfocus.com/bid/45874
- http://www.securitytracker.com/id?1024979
- http://www.vupen.com/english/advisories/2011/0140Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-11-016/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64779
FAQ
What is CVE-2010-3594?
CVE-2010-3594 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vector...
How severe is CVE-2010-3594?
CVE-2010-3594 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3594?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Enterprise Manager Grid Control.