CVE-2010-3905

EPSS 1.39%
Veröffentlicht 22.12.2010 21:00:15
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eucalyptus ≫ Eucalyptus Version2.0.0

Eucalyptus ≫ Eucalyptus Version2.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.39%	0.786

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://open.eucalyptus.com/wiki/esa-01

http://secunia.com/advisories/42632

Vendor Advisory

http://secunia.com/advisories/42666

Vendor Advisory

http://www.securityfocus.com/bid/45462

http://www.ubuntu.com/usn/USN-1033-1

http://www.vupen.com/english/advisories/2010/3259

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3260

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/64167

https://nvd.nist.gov/vuln/detail/CVE-2010-3905

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3905

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3905

EUVD