7.5

CVE-2003-1193

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleApplication Server Portal Version3.0.9.8.5
OracleApplication Server Portal Version9.0.2.3
OracleApplication Server Portal Version9.0.2.3a
OracleApplication Server Portal Version9.0.2.3b
OracleOracle9i Version9.0.2
OracleOracle9i Version9.0.2.0.0
OracleOracle9i Version9.0.2.0.1
OracleOracle9i Version9.0.2.1
OracleOracle9i Version9.0.2.2
OracleOracle9i Version9.0.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.76% 0.75
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf
Patch
http://www.securityfocus.com/archive/1/343520
Patch
Vendor Advisory
http://www.securityfocus.com/bid/8966
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13593