CVE-2011-0808

2011-04-2003:14:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2011-0808

oracle

fusion middleware

outside in

technology

confidentiality

integrity

availability

vulnerability

nvd

april 2011 cpu

5.2 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

25.1%

JSON

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) vswk6.dll or (b) libvs_wk6.so in Outside In 8.1.0.4037 through 8.3.5.5684, involving the Lotus 123 parser.

CPENameOperatorVersion
oracle:fusion_middlewareoracle fusion middlewareeq8.3.5.0
oracle:fusion_middlewareoracle fusion middlewareeq8.3.2.0

CPE	Name	Operator	Version
oracle:fusion_middleware	oracle fusion middleware	eq	8.3.5.0
oracle:fusion_middleware	oracle fusion middleware	eq	8.3.2.0

References

secunia.com/advisories/44295

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa

www-01.ibm.com/support/docview.wss?uid=swg21660640

www.kb.cert.org/vuls/id/520721

www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309

www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

www.securityfocus.com/bid/47435