CVE-2010-4506
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
07/02/2011
Last modified:
11/04/2025
Description
Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.
Impact
Base Score 2.0
6.20
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:passlogix_v-go_self-service_password_reset_and_oem:7.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://securityreason.com/securityalert/8065
- http://www.securityfocus.com/bid/46452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt
- http://securityreason.com/securityalert/8065
- http://www.securityfocus.com/bid/46452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65439
- https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt