Vulnerability Details : CVE-2014-0419
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console and Workspace Web Applications.
Exploit prediction scoring system (EPSS) score for CVE-2014-0419
Probability of exploitation activity in the next 30 days: 1.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0419
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2014-0419
-
http://www.securityfocus.com/bid/64902
Oracle Secure Global Desktop CVE-2014-0419 Remote Security Vulnerability
-
http://www.securitytracker.com/id/1029610
Oracle Virtualization Bugs Let Remote and Local Users Access and Modify Data and Deny Service - SecurityTracker
-
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Oracle Critical Patch Update - January 2014Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90367
Oracle Secure Global Desktop (SGD) Administration Console and Workspace Web Applications unspecified CVE-2014-0419 Vulnerability Report
-
http://www.securityfocus.com/bid/64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities
Products affected by CVE-2014-0419
- cpe:2.3:a:oracle:virtualization_secure_global_desktop:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:virtualization_secure_global_desktop:4.63:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:virtualization_secure_global_desktop:4.71:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:virtualization_secure_global_desktop:5.0:*:*:*:*:*:*:*