Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252.

The version of Oracle Secure Backup Administration Server running on the remote host fails to adequately sanitize user-supplied input to the 'uname' parameter of 'login.php'.  The system performs some sanitization which limits exploitation of this issue, but code execution is still possible.

A remote, unauthenticated attacker could exploit this to execute code on the remote host with the privileges of the web server user.

By default the server runs with SYSTEM privileges under Windows.

Detections

Analytics

CVE-2011-2261

critical

Tenable Plugins

critical