Vulnerability Details : CVE-2010-3594
Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files.
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2010-3594
Probability of exploitation activity in the next 30 days: 3.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~91%
CVSS scores for CVE-2010-3594
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST |
References for CVE-2010-3594
- http://www.securityfocus.com/bid/45874
  Oracle Enterprise Manager Real User Experience Insight (RUEI) SQL Injection Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64779
  Oracle Real User Experience Insight SQL Injection CVE-2010-3594 Vulnerability Report
- http://www.securitytracker.com/id?1024979
  Oracle Enterprise Manager Bug Lets Remote Users Partially Access and Modify Data - SecurityTracker
- http://www.zerodayinitiative.com/advisories/ZDI-11-016/
  ZDI-11-016 | Zero Day Initiative
- http://www.vupen.com/english/advisories/2011/0140
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
  Oracle Critical Patch Update - January 2011 (Vendor Advisory)
Products affected by CVE-2010-3594
- cpe:2.3:a:oracle:enterprise_manager_grid_control:6.0:*:*:*:*:*:*:*