Vulnerability Details : CVE-2011-0808
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) vswk6.dll or (b) libvs_wk6.so in Outside In 8.1.0.4037 through 8.3.5.5684, involving the Lotus 123 parser.
Products affected by CVE-2011-0808
- cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:8.3.2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0808
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0808
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
References for CVE-2011-0808
-
http://www.securityfocus.com/bid/47435
Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability
-
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
cpuapr2011Patch;Vendor Advisory
-
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309
Security Vulnerability in Oracle "Outside-In" (Lotus 123 & Microsoft CAB) viewers used by GroupWise
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa
Cisco Security Agent Remote Code Execution Vulnerabilities
-
http://www.kb.cert.org/vuls/id/520721
VU#520721 - Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsersUS Government Resource
-
http://www-01.ibm.com/support/docview.wss?uid=swg21660640
Security Bulletin: Fix available for security vulnerabilities in Oracle Outside In Technology Code contained in IBM WebSphere Portal
Jump to