CVE-2010-4438

Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).

CVSS v2.0 5.7 MEDIUM

5.7^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:C

Exploitability : 3.1 / Impact : 8.5

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
http://www.securityfocus.com/bid/45890
http://secunia.com/advisories/42988
http://www.vupen.com/english/advisories/2011/0155
http://osvdb.org/70572
http://osvdb.org/70573
https://exchange.xforce.ibmcloud.com/vulnerabilities/64813

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:glassfish_server:2.1:::::::*
	cpe:2.3:a:oracle:glassfish_server:2.1.1:::::::*
	cpe:2.3:a:oracle:glassfish_server:3.0.1:::::::*
	cpe:2.3:a:oracle:java_system_message_queue:4.1:::::::*

Information

Published : 2011-01-19 09:00

Updated : 2017-08-16 18:33

NVD link : CVE-2010-4438

Mitre link : CVE-2010-4438

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

oracle

glassfish_server
java_system_message_queue

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/45890", "name": "45890", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/42988", "name": "42988", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0155", "name": "ADV-2011-0155", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/70572", "name": "70572", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/70573", "name": "70573", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64813", "name": "glassfish-jms-privilege-escalation(64813)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4438", "ASSIGNER": "secalert_us@oracle.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:C", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 8.5, "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-01-19T17:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:java_system_message_queue:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:33Z"}

5.7 /10