Vulnerability Details CVE-2010-4506
Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.1%
CVSS Severity
CVSS v2 Score 6.2
References
- http://securityreason.com/securityalert/8065
- http://www.securityfocus.com/bid/46452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt
- http://securityreason.com/securityalert/8065
- http://www.securityfocus.com/bid/46452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt
Products affected by CVE-2010-4506
-
cpe:2.3:a:oracle:passlogix_v-go_self-service_password_reset_and_oem:7.0