CVE-2011-0794Code Injection in Oracle Fusion Middleware

CWE-94Code Injection5 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 64.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Fusion Middleware
Timeline
PublishedApr 20
Latest updateMay 17

Description

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-8xmp-xr2x-xpvp: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 82022-05-17
CVEList
CVE-2011-0794: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 82011-04-20

📋Vendor Advisories

2
Cisco
Cisco Security Agent Remote Code Execution Vulnerabilities2011-10-26
Cisco
Oracle Outside In Technology File Processing Arbitrary Code Execution Vulnerability2011-04-20
CVE-2011-0794 — Code Injection in Oracle | cvebase