Summary
This host is running Oracle OpenSSO and is prone to data manipulation vulnerability.
Impact
Successful exploitation will allow attackers to update, insert, or delete certain Oracle OpenSSO accessible data.
Impact Level: Application
Solution
Apply the patch from below link,
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
The flaw is due to an unspecified error in the Administration component.
Affected
Oracle OpenSSO version 7.1 and 8.0
Detection
Get the installed version of Oracle OpenSSO with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2012-0079 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- @Mail WebMail Email Body HTML Injection Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache ActiveMQ Multiple Vulnerabilities
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability