VDB-218460 · CVE-2010-10006 · GCVE-100-218460

michaelliao jopenid kánú 1.08 OpenIdManager.java getAuthentication Bayani fitowa

CVSS Meta Temp Score	Garga na exploit ndiyam (≈)	CTI Nganji Score
4.2	$0-$5k	0.10

Gundumabayani

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a michaelliao jopenid. Hakika, aikin getAuthentication ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil JOpenId/src/org/expressme/openid/OpenIdManager.java, a cikin sashen $software_component. A sa manipulation ka an unknown weakness. Wannan matsala ana saninta da CVE-2010-10006. Babu exploit ɗin da ake samu. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a faggata. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Furɗebayani

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a michaelliao jopenid. Hakika, aikin getAuthentication ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil JOpenId/src/org/expressme/openid/OpenIdManager.java, a cikin sashen $software_component. A sa manipulation ka an unknown weakness. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-208. Hakika, rauni an bayyana shi 01/17/2023 kamar c9baaa976b684637f0d5a50268e91846a7a719ab. An raba bayanin tsaro don saukewa a github.com.

Wannan matsala ana saninta da CVE-2010-10006. Tekinikal faɗi ga. Kai hari yana da wahala sosai. An ce yana da wahala a iya amfani da shi. Shaharar wannan vulnerability ɗin ƙasa da matsakaici ne. Babu exploit ɗin da ake samu. A sa'i, exploit might be approx. USD $0-$5k ndiyam.

Á sàmbu a wondi feere. 0-day shima, an ndiyam a wuro be $0-$5k.

Ana kiran patch ɗin da c9baaa976b684637f0d5a50268e91846a7a719ab. Gyaran matsalar yana nan a shirye don saukewa a github.com. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a faggata. Wannan shawara ta ƙunshi wannan magana:

fix timing vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Kayanbayani

Ngilabe

michaelliao

Sunu

jopenid

Laisens

Borno-wuro

Webseite

Kayan: https://github.com/michaelliao/jopenid/

CPE 2.3bayani

CPE 2.2bayani

CVSSv4bayani

VulDB Furɗo: 🔍
VulDB Gaskiya: 🔍

CVSSv3bayani

VulDB Meta Base Score: 4.2
VulDB Meta Temp Score: 4.2

VulDB Ganda Borno: 2.6
VulDB Temp Score: 2.5
VulDB Furɗo: 🔍
VulDB Gaskiya: 🔍

NVD Ganda Borno: 7.5
NVD Furɗo: 🔍

CNA Ganda Borno: 2.6
CNA Furɗo (VulDB): 🔍

CVSSv2bayani

AV	AC	Au	C	I	A
💳	💳	💳	💳	💳	💳
💳	💳	💳	💳	💳	💳
💳	💳	💳	💳	💳	💳

Vektar	Kumpleksiti	Authentisierung	Kariyandi	Gaskiya	Gashina
furu	furu	furu	furu	furu	furu
furu	furu	furu	furu	furu	furu
furu	furu	furu	furu	furu	furu

VulDB Ganda Borno: 🔍
VulDB Temp Score: 🔍
VulDB Gaskiya: 🔍

NVD Ganda Borno: 🔍

Gargajiyabayani

Klasu: Bayani fitowa
CWE: CWE-208 / CWE-203 / CWE-200
CAPEC: 🔍
ATT&CK: 🔍

Fizikal: Ayi
Gumti: Ayi
Gana: Ee

Gashina: 🔍
Halitta: A wondi feere

EPSS Score: 🔍
EPSS Percentile: 🔍

Furɗo farashi: 🔍
Gaskiya farashi ndiyam: 🔍

0-Day	furu	furu	furu	furu
Lale	furu	furu	furu	furu

Bayani na barazanabayani

Ngam: 🔍
Akteɓe ɓernde: 🔍
Kura APT goruwa masu aiki: 🔍

Kari gamjibayani

Garga: Gargajiya
Halitta: 🔍

0-Day Gana: 🔍

Gargajiya: jopenid 1.08
Kari: c9baaa976b684637f0d5a50268e91846a7a719ab

Waktin layibayani

01/16/2023 🔍
01/16/2023 +0 Hənde 🔍
01/17/2023 +0 Hənde 🔍
04/04/2025 +807 Hənde 🔍

Ngizimbayani

Kayan: github.com

Gargaaji: c9baaa976b684637f0d5a50268e91846a7a719ab
Halitta: Gaskiya

CVE: CVE-2010-10006 (🔍)
GCVE (CVE): GCVE-0-2010-10006
GCVE (VulDB): GCVE-100-218460

Gumtibayani

Súgá: 01/17/2023 00:05
Gargadi: 04/04/2025 00:39
Goyarwa: 01/17/2023 00:05 (44), 02/09/2023 09:13 (2), 02/09/2023 09:14 (28), 04/04/2025 00:39 (23)
Gadankam: 🔍
Cache ID: 253:A8D:103

Ganaaji

A ga wuroyo kulu. Kàlàmbe: kr + en.

Ngam loga ka, kanyi shidin dum.

◂ Gurɗo Gumti Gada ▸

Do you need the next level of professionalism?

Upgrade your account now!