CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-3010

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score54.8480%
EPSS Percentile91.21th
Published2019年10月16日
Last Modified2025年10月27日

Vulnerability Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Affected Platforms (CPE)

💻
Oracle

Solaris

= 11

References & Advisories

🔗 http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html
🔗 http://seclists.org/fulldisclosure/2019/Oct/39
🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
🔗 http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html
🔗 http://seclists.org/fulldisclosure/2019/Oct/39
🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3010

関連する脆弱性情報

CVE-1999-097410.0

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

CVE-1999-097310.0

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is runn...

CVE-2020-1487110.0

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions tha...

CVE-1999-010110.0

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.