Vulnerability Description
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Fusion Middleware | 10.1.3.4 |
References
- http://dsecrg.com/pages/vul/show.php?id=307
- http://secunia.com/advisories/42976
- http://www.exploit-db.com/exploits/16056
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/515957/100/0/threaded
- http://www.securityfocus.com/bid/45849
- http://www.securitytracker.com/id?1024981
- http://www.vupen.com/english/advisories/2011/0143Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64770
- http://dsecrg.com/pages/vul/show.php?id=307
- http://secunia.com/advisories/42976
- http://www.exploit-db.com/exploits/16056
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/515957/100/0/threaded
- http://www.securityfocus.com/bid/45849
FAQ
What is CVE-2010-3595?
CVE-2010-3595 is a vulnerability with a CVSS score of 7.8 (HIGH). Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Im...
How severe is CVE-2010-3595?
CVE-2010-3595 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3595?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Fusion Middleware.