CVE-2010-4506

critical

Description

Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.

References

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/65439

http://www.securityfocus.com/bid/46452

http://securityreason.com/securityalert/8065

Details

Source: Mitre, NVD

Published: 2011-02-07

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0034