Vulnerability Name: CVE-2011-0785 (CCN-66909)
Assigned: 2011-04-19
Published: 2011-04-19
Updated: 2011-04-20
Summary: Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors.
Per: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html 'Fixed in all supported Releases and Patchsets.'

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

  4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Other

References:
  Source: MITRE
  Type: CNA
  CVE-2011-0785

  Source: CCN
  Type: SA44228
  Oracle Enterprise Manager Grid Control Two Vulnerabilities

  Source: CCN
  Type: SA44246
  Oracle Fusion Middleware Multiple Vulnerabilities

  Source: CCN
  Type: Oracle Critical Patch Update Advisory - April 2011
  Oracle Critical Patch Update Advisory - April 2011

  Source: CONFIRM
  Type: Patch, Vendor Advisory
  http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

  Source: CCN
  Type: OSVDB ID: 71952
  Oracle Multiple Products Oracle Help help/topics/iastop_cs/iastop_cs_farm_page.html locale Parameter XSS

  Source: CCN
  Type: BID-47443
  Oracle Help 'help/topics/iastop_cs/iastop_cs_farm_page.html' Cross Site Scripting Vulnerability

  Source: XF
  Type: UNKNOWN
  oraclehelp-multiple-unspecified(66909)

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:11.2.0.1:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*

  Configuration 2:
    cpe:/a:oracle:fusion_middleware:11.1.1.2.0:*:*:*:*:*:*:* OR
    cpe:/a:oracle:fusion_middleware:11.1.1.3.0:*:*:*:*:*:*:* OR
    cpe:/a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*

  Configuration CCN 1:
    cpe:/a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:11.2.0.1:*:*:*:*:*:*:* OR
    cpe:/a:oracle:fusion_middleware:11.1.1.2.0:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:* OR
    cpe:/a:oracle:fusion_middleware:11.1.1.3.0:*:*:*:*:*:*:* OR
    cpe:/a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:*

oracle database server 10.1.0.5
oracle database server 10.2.0.3
oracle database server 10.2.0.4
oracle database server 10.2.0.5
oracle database server 11.1.0.7
oracle database server 11.2.0.1
oracle database server 11.2.0.2
oracle fusion middleware 11.1.1.2.0
oracle fusion middleware 11.1.1.3.0
oracle fusion middleware 11.1.1.4.0