#VU45422 Input validation error in Sun Convergence - CVE-2010-4464

Cybersecurity Help s.r.o.

Published: 2011-01-19 | Updated: 2020-08-11

Vulnerability identifier: #VU45422

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2010-4464

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sun Convergence
Other software / Other software solutions

Vendor: Oracle

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Sun Convergence: 1.0

External links
https://osvdb.org/70592
https://secunia.com/advisories/42987
https://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
https://www.securityfocus.com/bid/45887
https://www.vupen.com/english/advisories/2011/0154
https://exchange.xforce.ibmcloud.com/vulnerabilities/64812

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in Oracle Sun Convergence