← Back to CVEs
CVE-2019-3010
HIGHCISA KEV8.8
Description
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published10/16/2019
Last Modified10/27/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorOracle
ProductSolaris
Vulnerability NameOracle Solaris Privilege Escalation Vulnerability
KEV Date Added2022-05-25
Remediation Due Date2022-06-15
Ransomware UseUnknown
Affected Products
oracle:solaris
References
http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html(secalert_us@oracle.com)
http://seclists.org/fulldisclosure/2019/Oct/39(secalert_us@oracle.com)
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Oct/39(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3010(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.