CVE-2010-4506

{"id": "CVE-2010-4506", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-02-07T21:00:01.887", "references": [{"url": "http://securityreason.com/securityalert/8065", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/46452", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65439", "source": "cve@mitre.org"}, {"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8065", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/46452", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65439", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a \"Save As\" dialog that is reachable from the \"Certificate Export\" wizard."}, {"lang": "es", "value": "Passlogix v-GO (SSPR) y OEM antes de v7.0A permite a atacantes f\u00edsicamente pr\u00f3ximos ejecutar programas arbitrarios sin autenticaci\u00f3n mediante la activaci\u00f3n del de un certificado SSL no v\u00e1lido y el uso de la interfaz de Internet Explorer para navegar por el sistema de ficheros a trav\u00e9s de un cuadro de di\u00e1logo \"Guardar como \" que es accesible desde el asistente de \"Exportaci\u00f3n de certificado\""}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:passlogix_v-go_self-service_password_reset_and_oem:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EDC4DB1-2216-4853-AA28-9198314C4473"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}