CVE-2011-0794

2011-04-2003:14:05

oracle

web.nvd.nist.gov

oracle

outside in

technology

vulnerability

confidentiality

integrity

availability

fusion middleware

cve-2011-0794

nvd

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.5

Confidence

Low

EPSS

0.001

Percentile

26.1%

JSON

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats.

Affected configurations

Nvd

Node

oraclefusion_middlewareMatch8.3.5.0

VendorProductVersionCPE
oraclefusion_middleware8.3.5.0cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	fusion_middleware	8.3.5.0	cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:::::::*

References

secunia.com/advisories/44295

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa

www-01.ibm.com/support/docview.wss?uid=swg21660640

www.kb.cert.org/vuls/id/520721

www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309

www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

www.securityfocus.com/bid/47437