Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 103152 Security Vulnerability in Sun Management Center (Sun MC) May Allow Unauthorized Access to System and Data |
| Informations | |||
|---|---|---|---|
| Name | SUN-103152 | First vendor Publication | 2007-12-19 |
| Vendor | Sun | Last vendor Modification | 2007-12-19 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 9.4 | Attack Range | Network |
| Cvss Impact Score | 9.2 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Sun Management Center 3.6.1, Sun Management Center 3.6, Sun Management Center 3.5 Update 1 A default account vulnerability in the Oracle database component of Sun Management Center (Sun MC) server software may allow remote unprivileged users to gain unauthorized access to the database or execute arbitrary code with the privileges of Oracle database server. The database server runs as the unprivileged user "smcorau". Avoidance: Patch State: Resolved First released: 18-Dec-2007 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_103152_security_vulnerability |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 39563 | Sun Management Center Oracle Database smcorau Default Account |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2008-01-10 | IAVM : 2008-B-0002 - Sun Management Center Insecure Default Account Unauthorized Access Vulnerability Severity : Category II - VMSKEY : V0015664 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 127383-01 File : solaris10_127383.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 127380-01 File : solaris8_127380.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 127381-01 File : solaris9_127381.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 118388-11 File : solaris8_118388.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 118389-12 File : solaris9_118389.nasl - Type : ACT_GATHER_INFO |
