← Retour aux CVEs
CVE-2019-3010
HIGHCISA KEV8.8
Description
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie10/16/2019
Derniere modification10/27/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurOracle
ProduitSolaris
Nom vulnerabiliteOracle Solaris Privilege Escalation Vulnerability
Date ajout KEV2022-05-25
Date limite remediation2022-06-15
Utilise dans ransomwareUnknown
Produits affectes
oracle:solaris
References
http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html(secalert_us@oracle.com)
http://seclists.org/fulldisclosure/2019/Oct/39(secalert_us@oracle.com)
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Oct/39(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3010(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.