CVE-2010-4438

2011-01-1917:00:02

oracle

web.nvd.nist.gov

cve-2010-4438

oracle

glassfish

java system message queue

vulnerability

local users

confidentiality

integrity

availability

java message service

jms

nvd

CVSS2

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:P/I:P/A:C

AI Score

5.6

Confidence

Low

EPSS

0.001

Percentile

26.5%

JSON

Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).

Affected configurations

Nvd

Node

oracleglassfish_serverMatch2.1

oracleglassfish_serverMatch2.1.1

oracleglassfish_serverMatch3.0.1

oraclejava_system_message_queueMatch4.1

VendorProductVersionCPE
oracleglassfish_server2.1cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*
oracleglassfish_server2.1.1cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
oracleglassfish_server3.0.1cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*
oraclejava_system_message_queue4.1cpe:2.3:a:oracle:java_system_message_queue:4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	glassfish_server	2.1	cpe:2.3:a:oracle:glassfish_server:2.1:::::::*
oracle	glassfish_server	2.1.1	cpe:2.3:a:oracle:glassfish_server:2.1.1:::::::*
oracle	glassfish_server	3.0.1	cpe:2.3:a:oracle:glassfish_server:3.0.1:::::::*
oracle	java_system_message_queue	4.1	cpe:2.3:a:oracle:java_system_message_queue:4.1:::::::*