CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
25.7%
Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a “Save As” dialog that is reachable from the “Certificate Export” wizard.
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | passlogix_v-go_self-service_password_reset_and_oem | 7.0 | cpe:2.3:a:oracle:passlogix_v-go_self-service_password_reset_and_oem:7.0:*:*:*:*:*:*:* |