CVE-2010-4506

Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
oraclepasslogix_v-go_self-service_password_reset_and_oem
7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/securityalert/8065
http://www.securityfocus.com/bid/46452
https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt
http://securityreason.com/securityalert/8065
http://www.securityfocus.com/bid/46452
https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt