cvelistv5 - cve-2010-4438

CVE-2010-4438 (GCVE-0-2010-4438)

Vulnerability from cvelistv5 – Published: 2011-01-19 16:00 – Updated: 2024-08-07 03:43

Summary

Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).

Severity ?

No CVSS data available.

CWE

Assigner

oracle

References

URL

Tags

	http://secunia.com/advisories/42988	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/45890	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2011/0155	vdb-entryx_refsource_VUPEN
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://osvdb.org/70572	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/70573	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42988",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42988"
          },
          {
            "name": "45890",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45890"
          },
          {
            "name": "ADV-2011-0155",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0155"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "70572",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70572"
          },
          {
            "name": "glassfish-jms-privilege-escalation(64813)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813"
          },
          {
            "name": "70573",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70573"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "42988",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42988"
        },
        {
          "name": "45890",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45890"
        },
        {
          "name": "ADV-2011-0155",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0155"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "70572",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70572"
        },
        {
          "name": "glassfish-jms-privilege-escalation(64813)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813"
        },
        {
          "name": "70573",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70573"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-4438",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42988",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42988"
            },
            {
              "name": "45890",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45890"
            },
            {
              "name": "ADV-2011-0155",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0155"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "70572",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70572"
            },
            {
              "name": "glassfish-jms-privilege-escalation(64813)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813"
            },
            {
              "name": "70573",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70573"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-4438",
    "datePublished": "2011-01-19T16:00:00",
    "dateReserved": "2010-12-06T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBDD6781-CF9E-4ED3-861F-99217EE0711C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A56AAEB5-E5A5-44A4-8B82-0C465122F2C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:java_system_message_queue:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E097805-13EF-4781-9001-9B246DEA605B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Oracle GlassFish v2.1, v2.1.1 y v3.0.1, y Java System Message Queue v4.1 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con Java Message Service (JMS).\"}]",
      "id": "CVE-2010-4438",
      "lastModified": "2024-11-21T01:20:56.970",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:P/I:P/A:C\", \"baseScore\": 5.7, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 8.5, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-01-19T17:00:02.233",
      "references": "[{\"url\": \"http://osvdb.org/70572\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://osvdb.org/70573\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://secunia.com/advisories/42988\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/45890\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0155\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64813\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://osvdb.org/70572\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/70573\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/45890\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0155\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64813\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4438\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2011-01-19T17:00:02.233\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Oracle GlassFish v2.1, v2.1.1 y v3.0.1, y Java System Message Queue v4.1 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con Java Message Service (JMS).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:P/I:P/A:C\",\"baseScore\":5.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBDD6781-CF9E-4ED3-861F-99217EE0711C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56AAEB5-E5A5-44A4-8B82-0C465122F2C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:java_system_message_queue:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E097805-13EF-4781-9001-9B246DEA605B\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/70572\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://osvdb.org/70573\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/42988\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/45890\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0155\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64813\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://osvdb.org/70572\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/70573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/45890\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-022

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans les produits Oracle permettent à un utilisateur malveillant de contourner la politique de sécurité.

Description

De multiples vulnérabilités ont été corrigées dans les produits Oracle tels que Oracle Database, Oracle Application Server ou Oracle Open Office. Certaines de ces vulnérabilités peuvent être exploitées par un utilisateur malveillant distant pour contourner la politique de sécurité ou encore porter atteinte à l'intégrité et/ou la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;
Oracle	N/A	Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;
Oracle	N/A	Oracle Sun Product Suite ;
Oracle	N/A	Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;
Oracle	N/A	Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;
Oracle	N/A	Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;
Oracle	N/A	Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;
Oracle	N/A	Oracle JRockit versions, R27.6.7 et antérieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et antérieures (JDK/JRE 5, 6) ;
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;
Oracle	N/A	Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;
Oracle	N/A	Oracle Database 10g Release 1, version 10.1.0.5 ;
Oracle	N/A	Oracle Outside In Technology, version 8.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;
Oracle	N/A	Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;
Oracle	Weblogic	Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;
Oracle	N/A	Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;
Oracle	N/A	Oracle Database 11g Release 1, version 11.1.0.7 ;
Oracle	N/A	Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.
Oracle	N/A	Oracle Database 11g Release 2, version 11.2.0.1 ;
Oracle	N/A	Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;
Oracle	N/A	Oracle GoldenGate Veridata, version 3.0.0.4 ;
Oracle	N/A	Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;
Oracle	N/A	Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle de janvier 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Sun Product Suite ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions, R27.6.7 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology, version 8.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 2, version 11.2.0.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GoldenGate Veridata, version 3.0.0.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\ntels que Oracle Database, Oracle Application Server ou Oracle Open\nOffice. Certaines de ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un\nutilisateur malveillant distant pour contourner la politique de s\u00e9curit\u00e9\nou encore porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et/ou la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4429"
    },
    {
      "name": "CVE-2010-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4415"
    },
    {
      "name": "CVE-2010-4438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4438"
    },
    {
      "name": "CVE-2010-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3586"
    },
    {
      "name": "CVE-2010-3593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3593"
    },
    {
      "name": "CVE-2010-4439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4439"
    },
    {
      "name": "CVE-2010-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4421"
    },
    {
      "name": "CVE-2010-4453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4453"
    },
    {
      "name": "CVE-2010-4433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4433"
    },
    {
      "name": "CVE-2010-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4419"
    },
    {
      "name": "CVE-2010-4464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4464"
    },
    {
      "name": "CVE-2010-4457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4457"
    },
    {
      "name": "CVE-2010-4432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4432"
    },
    {
      "name": "CVE-2010-4460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4460"
    },
    {
      "name": "CVE-2010-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3590"
    },
    {
      "name": "CVE-2010-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4416"
    },
    {
      "name": "CVE-2010-4414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4414"
    },
    {
      "name": "CVE-2010-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4420"
    },
    {
      "name": "CVE-2010-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3592"
    },
    {
      "name": "CVE-2010-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3600"
    },
    {
      "name": "CVE-2010-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4418"
    },
    {
      "name": "CVE-2010-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4456"
    },
    {
      "name": "CVE-2010-4441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4441"
    },
    {
      "name": "CVE-2010-4440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4440"
    },
    {
      "name": "CVE-2010-4436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4436"
    },
    {
      "name": "CVE-2010-4443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4443"
    },
    {
      "name": "CVE-2010-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4434"
    },
    {
      "name": "CVE-2010-4437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4437"
    },
    {
      "name": "CVE-2009-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4269"
    },
    {
      "name": "CVE-2010-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2936"
    },
    {
      "name": "CVE-2010-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3588"
    },
    {
      "name": "CVE-2010-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3510"
    },
    {
      "name": "CVE-2010-4428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4428"
    },
    {
      "name": "CVE-2010-4446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4446"
    },
    {
      "name": "CVE-2010-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4459"
    },
    {
      "name": "CVE-2010-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4426"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2010-4461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4461"
    },
    {
      "name": "CVE-2010-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3597"
    },
    {
      "name": "CVE-2010-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3587"
    },
    {
      "name": "CVE-2010-4442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4442"
    },
    {
      "name": "CVE-2010-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3599"
    },
    {
      "name": "CVE-2010-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4413"
    },
    {
      "name": "CVE-2010-3505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3505"
    },
    {
      "name": "CVE-2010-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3594"
    },
    {
      "name": "CVE-2010-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4449"
    },
    {
      "name": "CVE-2010-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3598"
    },
    {
      "name": "CVE-2010-4445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4445"
    },
    {
      "name": "CVE-2010-4458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4458"
    },
    {
      "name": "CVE-2010-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4417"
    },
    {
      "name": "CVE-2010-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3596"
    },
    {
      "name": "CVE-2010-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4444"
    },
    {
      "name": "CVE-2010-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4425"
    },
    {
      "name": "CVE-2010-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3591"
    },
    {
      "name": "CVE-2010-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4423"
    },
    {
      "name": "CVE-2010-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4431"
    },
    {
      "name": "CVE-2010-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4427"
    },
    {
      "name": "CVE-2010-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4435"
    },
    {
      "name": "CVE-2010-3574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574"
    },
    {
      "name": "CVE-2010-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4424"
    },
    {
      "name": "CVE-2010-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
    },
    {
      "name": "CVE-2010-4430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4430"
    },
    {
      "name": "CVE-2010-1227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1227"
    },
    {
      "name": "CVE-2010-3595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3595"
    },
    {
      "name": "CVE-2010-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3589"
    },
    {
      "name": "CVE-2010-4455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4455"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur malveillant de contourner la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle de janvier 2011",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    }
  ]
}

CERTA-2011-AVI-022

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans les produits Oracle permettent à un utilisateur malveillant de contourner la politique de sécurité.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;
Oracle	N/A	Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;
Oracle	N/A	Oracle Sun Product Suite ;
Oracle	N/A	Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;
Oracle	N/A	Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;
Oracle	N/A	Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;
Oracle	N/A	Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;
Oracle	N/A	Oracle JRockit versions, R27.6.7 et antérieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et antérieures (JDK/JRE 5, 6) ;
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;
Oracle	N/A	Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;
Oracle	N/A	Oracle Database 10g Release 1, version 10.1.0.5 ;
Oracle	N/A	Oracle Outside In Technology, version 8.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;
Oracle	N/A	Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;
Oracle	Weblogic	Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;
Oracle	N/A	Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;
Oracle	N/A	Oracle Database 11g Release 1, version 11.1.0.7 ;
Oracle	N/A	Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.
Oracle	N/A	Oracle Database 11g Release 2, version 11.2.0.1 ;
Oracle	N/A	Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;
Oracle	N/A	Oracle GoldenGate Veridata, version 3.0.0.4 ;
Oracle	N/A	Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;
Oracle	N/A	Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle de janvier 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Sun Product Suite ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions, R27.6.7 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology, version 8.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 2, version 11.2.0.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GoldenGate Veridata, version 3.0.0.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\ntels que Oracle Database, Oracle Application Server ou Oracle Open\nOffice. Certaines de ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un\nutilisateur malveillant distant pour contourner la politique de s\u00e9curit\u00e9\nou encore porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et/ou la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4429"
    },
    {
      "name": "CVE-2010-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4415"
    },
    {
      "name": "CVE-2010-4438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4438"
    },
    {
      "name": "CVE-2010-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3586"
    },
    {
      "name": "CVE-2010-3593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3593"
    },
    {
      "name": "CVE-2010-4439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4439"
    },
    {
      "name": "CVE-2010-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4421"
    },
    {
      "name": "CVE-2010-4453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4453"
    },
    {
      "name": "CVE-2010-4433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4433"
    },
    {
      "name": "CVE-2010-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4419"
    },
    {
      "name": "CVE-2010-4464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4464"
    },
    {
      "name": "CVE-2010-4457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4457"
    },
    {
      "name": "CVE-2010-4432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4432"
    },
    {
      "name": "CVE-2010-4460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4460"
    },
    {
      "name": "CVE-2010-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3590"
    },
    {
      "name": "CVE-2010-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4416"
    },
    {
      "name": "CVE-2010-4414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4414"
    },
    {
      "name": "CVE-2010-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4420"
    },
    {
      "name": "CVE-2010-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3592"
    },
    {
      "name": "CVE-2010-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3600"
    },
    {
      "name": "CVE-2010-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4418"
    },
    {
      "name": "CVE-2010-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4456"
    },
    {
      "name": "CVE-2010-4441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4441"
    },
    {
      "name": "CVE-2010-4440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4440"
    },
    {
      "name": "CVE-2010-4436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4436"
    },
    {
      "name": "CVE-2010-4443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4443"
    },
    {
      "name": "CVE-2010-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4434"
    },
    {
      "name": "CVE-2010-4437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4437"
    },
    {
      "name": "CVE-2009-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4269"
    },
    {
      "name": "CVE-2010-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2936"
    },
    {
      "name": "CVE-2010-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3588"
    },
    {
      "name": "CVE-2010-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3510"
    },
    {
      "name": "CVE-2010-4428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4428"
    },
    {
      "name": "CVE-2010-4446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4446"
    },
    {
      "name": "CVE-2010-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4459"
    },
    {
      "name": "CVE-2010-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4426"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2010-4461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4461"
    },
    {
      "name": "CVE-2010-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3597"
    },
    {
      "name": "CVE-2010-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3587"
    },
    {
      "name": "CVE-2010-4442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4442"
    },
    {
      "name": "CVE-2010-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3599"
    },
    {
      "name": "CVE-2010-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4413"
    },
    {
      "name": "CVE-2010-3505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3505"
    },
    {
      "name": "CVE-2010-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3594"
    },
    {
      "name": "CVE-2010-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4449"
    },
    {
      "name": "CVE-2010-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3598"
    },
    {
      "name": "CVE-2010-4445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4445"
    },
    {
      "name": "CVE-2010-4458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4458"
    },
    {
      "name": "CVE-2010-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4417"
    },
    {
      "name": "CVE-2010-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3596"
    },
    {
      "name": "CVE-2010-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4444"
    },
    {
      "name": "CVE-2010-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4425"
    },
    {
      "name": "CVE-2010-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3591"
    },
    {
      "name": "CVE-2010-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4423"
    },
    {
      "name": "CVE-2010-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4431"
    },
    {
      "name": "CVE-2010-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4427"
    },
    {
      "name": "CVE-2010-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4435"
    },
    {
      "name": "CVE-2010-3574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574"
    },
    {
      "name": "CVE-2010-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4424"
    },
    {
      "name": "CVE-2010-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
    },
    {
      "name": "CVE-2010-4430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4430"
    },
    {
      "name": "CVE-2010-1227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1227"
    },
    {
      "name": "CVE-2010-3595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3595"
    },
    {
      "name": "CVE-2010-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3589"
    },
    {
      "name": "CVE-2010-4455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4455"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur malveillant de contourner la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle de janvier 2011",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    }
  ]
}

GHSA-GH64-R29H-QRP4

Vulnerability from github – Published: 2022-05-17 02:04 – Updated: 2022-05-17 02:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4438"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-01-19T17:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).",
  "id": "GHSA-gh64-r29h-qrp4",
  "modified": "2022-05-17T02:04:07Z",
  "published": "2022-05-17T02:04:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4438"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/70572"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/70573"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42988"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45890"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0155"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2010-4438

Vulnerability from fkie_nvd - Published: 2011-01-19 17:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert_us@oracle.com	http://osvdb.org/70572
secalert_us@oracle.com	http://osvdb.org/70573
secalert_us@oracle.com	http://secunia.com/advisories/42988
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
secalert_us@oracle.com	http://www.securityfocus.com/bid/45890
secalert_us@oracle.com	http://www.vupen.com/english/advisories/2011/0155
secalert_us@oracle.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/64813
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70572
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70573
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42988
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45890
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0155
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/64813

Impacted products

Vendor	Product	Version
oracle	glassfish_server	2.1
oracle	glassfish_server	2.1.1
oracle	glassfish_server	3.0.1
oracle	java_system_message_queue	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBDD6781-CF9E-4ED3-861F-99217EE0711C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56AAEB5-E5A5-44A4-8B82-0C465122F2C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_system_message_queue:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E097805-13EF-4781-9001-9B246DEA605B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Oracle GlassFish v2.1, v2.1.1 y v3.0.1, y Java System Message Queue v4.1 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con Java Message Service (JMS)."
    }
  ],
  "id": "CVE-2010-4438",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 5.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-19T17:00:02.233",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://osvdb.org/70572"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://osvdb.org/70573"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/42988"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/45890"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.vupen.com/english/advisories/2011/0155"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-4438

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-4438

Aliases

CVE-2010-4438

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4438",
    "description": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).",
    "id": "GSD-2010-4438"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4438"
      ],
      "details": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).",
      "id": "GSD-2010-4438",
      "modified": "2023-12-13T01:21:30.360271Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2010-4438",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "42988",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42988"
          },
          {
            "name": "45890",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45890"
          },
          {
            "name": "ADV-2011-0155",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0155"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "70572",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/70572"
          },
          {
            "name": "glassfish-jms-privilege-escalation(64813)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813"
          },
          {
            "name": "70573",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/70573"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:java_system_message_queue:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-4438"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "45890",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/45890"
            },
            {
              "name": "42988",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42988"
            },
            {
              "name": "ADV-2011-0155",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0155"
            },
            {
              "name": "70572",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/70572"
            },
            {
              "name": "70573",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/70573"
            },
            {
              "name": "glassfish-jms-privilege-escalation(64813)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 8.5,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:33Z",
      "publishedDate": "2011-01-19T17:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4438 (GCVE-0-2010-4438)

CERTA-2011-AVI-022

Description

Solution

CERTA-2011-AVI-022

Description

Solution

GHSA-GH64-R29H-QRP4

FKIE_CVE-2010-4438

GSD-2010-4438

Tags

Sightings

Nomenclature