Passlogix v-GO Self-Service Password Reset (SSPR) and OEM prior to 7.0A allows physically proximate malicious users to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle passlogix v-go self-service password reset and oem 7.0 |