Unrated severityNVD Advisory· Published Jan 19, 2011· Updated Apr 29, 2026

CVE-2010-3599

Description

Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.

Affected products

Oracle Corporation/Fusion Middleware2 versions
cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlnvdVendor Advisory
www.vupen.com/english/advisories/2011/0143nvdVendor Advisory
dsecrg.com/pages/vul/show.phpnvd
secunia.com/advisories/42976nvd
www.securityfocus.com/archive/1/515956/100/0/threadednvd
www.securityfocus.com/bid/45856nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/64767nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000