10

CVE-2011-2475

EPSS 4.72%
Veröffentlicht 09.06.2011 21:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sybase ≫ Onebridge Mobile Data Suite Version5.5

Sybase ≫ Onebridge Mobile Data Suite Version5.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.72%	0.89

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://www.sybase.com/detail?id=1092074

Vendor Advisory

http://zerodayinitiative.com/advisories/ZDI-11-171/

https://nvd.nist.gov/vuln/detail/CVE-2011-2475

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2475

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2475

EUVD