CVE-2010-2408 — Oracle E-business Suite vulnerability

9 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle E-business Suite

Timeline

PublishedOct 14

Latest updateMay 17

Description

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/e-business_suite11.5.10.2, 12.0.6, 12.1.3+2

🔴Vulnerability Details

GHSA

GHSA-mr7x-3456-7m2m: Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11↗2022-05-17

▶

CVEList

CVE-2010-2408: Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11↗2010-10-13

▶

📋Vendor Advisories

Red Hat

w3m: doesn't handle NULL in Common Name properly↗2010-06-14

▶

Red Hat

libESMTP: Multiple certificate validation flaws↗2010-03-03

▶

Red Hat

OpenLDAP: Doesn't properly handle NULL character in subject Common Name↗2009-08-10

▶

💬Community

Bugzilla

CVE-2010-3170 firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely↗2010-09-03

▶

Bugzilla

CVE-2010-5076 Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name↗2010-09-03

▶