CVE-2010-0904
Oracle Secure Backup Administration Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
Vulnerablidad no especificada en Oracle Secure Backup v10.3.0.1 permite a atacantes remotos afectar la integridad a través de vectores desconocidos.
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup.
The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are specified via the URI it is possible for an attacker to bypass the authentication mechanism and reach functionality otherwise inaccessible without proper credentials. This can be leveraged by remote attackers to trigger what were post-auth vulnerabilities without valid credentials.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-03-03 CVE Reserved
- 2010-07-13 CVE Published
- 2011-08-19 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/8354 | Third Party Advisory | |
| http://securityreason.com/securityalert/8356 | Third Party Advisory | |
| http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html | X_refsource_confirm |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/17698 | 2011-08-19 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Secure Backup Search vendor "Oracle" for product "Secure Backup" | 10.3.0.1 Search vendor "Oracle" for product "Secure Backup" and version "10.3.0.1" | - |
Affected
| ||||||