Vulnerability Description
Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Passlogix V-Go Self-Service Password Reset And Oem | 7.0 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/8065
- http://www.securityfocus.com/bid/46452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt
- http://securityreason.com/securityalert/8065
- http://www.securityfocus.com/bid/46452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt
FAQ
What is CVE-2010-4506?
CVE-2010-4506 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL cer...
How severe is CVE-2010-4506?
CVE-2010-4506 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4506?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Passlogix V-Go Self-Service Password Reset And Oem.