CVE-2019-3010

CVE Database · CVE-2019-3010

CVE-2019-3010

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

13.51%

Published

Oct 16, 2019

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2022-05-25 · Due: 2022-06-15

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

Exploit-DBSolaris 11.4 - xscreensaver Privilege Escalation TrickestTrickest PoC index GitHub PoCchaizeg/privilege-escalation-breach★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products (1)

oracle · solarisvulnerable

References (7)

http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Oct/39

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

PatchVendor Advisory

http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Oct/39

KEV Catalog EPSS Scores Vendors All CVEs