CVE-2010-4449 - OpenCVE

Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Audit Vault

Configuration 1 [-]

cpe:2.3:a:oracle:audit_vault:10.2.3.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/70583
http://secunia.com/advisories/42919
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.securityfocus.com/bid/45844
http://www.securitytracker.com/id?1024973
http://www.vupen.com/english/advisories/2011/0141
http://www.zerodayinitiative.com/advisories/ZDI-11-017/
https://exchange.xforce.ibmcloud.com/vulnerabilities/64762

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2011-01-19T16:00:00

Updated: 2024-08-07T03:43:14.907Z

Reserved: 2010-12-06T00:00:00

Link: CVE-2010-4449

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-01-19T17:00:02.593

Modified: 2017-08-17T01:33:12.353

Link: CVE-2010-4449

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "oracle-vault-av-code-execution(64762)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64762"}, {"name": "ADV-2011-0141", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0141"}, {"name": "70583", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/70583"}, {"name": "1024973", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024973"}, {"name": "42919", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42919"}, {"name": "45844", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45844"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-017/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2010-4449", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oracle-vault-av-code-execution(64762)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64762"}, {"name": "ADV-2011-0141", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0141"}, {"name": "70583", "refsource": "OSVDB", "url": "http://osvdb.org/70583"}, {"name": "1024973", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024973"}, {"name": "42919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42919"}, {"name": "45844", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45844"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-017/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-017/"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:14.907Z"}, "title": "CVE Program Container", "references": [{"name": "oracle-vault-av-code-execution(64762)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64762"}, {"name": "ADV-2011-0141", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0141"}, {"name": "70583", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/70583"}, {"name": "1024973", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024973"}, {"name": "42919", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42919"}, {"name": "45844", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45844"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-017/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2010-4449", "datePublished": "2011-01-19T16:00:00", "dateReserved": "2010-12-06T00:00:00", "dateUpdated": "2024-08-07T03:43:14.907Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:audit_vault:10.2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "026D5D31-2821-45DE-887B-A937CDD7258E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue is related to a crafted parameter in an action.execute request to the av component on TCP port 5700."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el componente Audit Vault en Audit Vault de Oracle versi\u00f3n 10.2.3.2, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de enero de 2011. Oracle no ha comentado las afirmaciones de un coordinador de terceros confiable de que este problema est\u00e1 relacionado con un par\u00e1metro especialmente dise\u00f1ado en una petici\u00f3n a la funci\u00f3n action.execute al componente av en el puerto TCP 5700."}], "id": "CVE-2010-4449", "lastModified": "2017-08-17T01:33:12.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-19T17:00:02.593", "references": [{"source": "secalert_us@oracle.com", "url": "http://osvdb.org/70583"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42919"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/45844"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id?1024973"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0141"}, {"source": "secalert_us@oracle.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-017/"}, {"source": "secalert_us@oracle.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64762"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}