4.6

CVE-2004-1365

Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.

Data is provided by the National Vulnerability Database (NVD)
OracleApplication Server Version9.0.2
OracleApplication Server Version9.0.2.0.0
OracleApplication Server Version9.0.2.0.1
OracleApplication Server Version9.0.2.1
OracleApplication Server Version9.0.2.2
OracleApplication Server Version9.0.2.3
OracleApplication Server Version9.0.3
OracleApplication Server Version9.0.3.1
OracleApplication Server Version9.0.4
OracleApplication Server Version9.0.4.0
OracleApplication Server Version9.0.4.1
OracleCollaboration Suite Versionrelease_1
OracleE-business Suite Version11.5.1
OracleE-business Suite Version11.5.2
OracleE-business Suite Version11.5.3
OracleE-business Suite Version11.5.4
OracleE-business Suite Version11.5.5
OracleE-business Suite Version11.5.6
OracleE-business Suite Version11.5.7
OracleE-business Suite Version11.5.8
OracleE-business Suite Version11.5.9
OracleEnterprise Manager Version9
OracleEnterprise Manager Version9.0.1
OracleOracle10g Versionenterprise_9.0.4_.0
OracleOracle10g Versionenterprise_10.1.0.2
OracleOracle10g Versionpersonal_9.0.4_.0
OracleOracle10g Versionpersonal_10.1_.0.2
OracleOracle10g Versionstandard_9.0.4_.0
OracleOracle10g Versionstandard_10.1_.0.2
OracleOracle8i Versionenterprise_8.0.5_.0.0
OracleOracle8i Versionenterprise_8.0.6_.0.0
OracleOracle8i Versionenterprise_8.0.6_.0.1
OracleOracle8i Versionenterprise_8.1.5_.0.0
OracleOracle8i Versionenterprise_8.1.5_.0.2
OracleOracle8i Versionenterprise_8.1.5_.1.0
OracleOracle8i Versionenterprise_8.1.6_.0.0
OracleOracle8i Versionenterprise_8.1.6_.1.0
OracleOracle8i Versionenterprise_8.1.7_.0.0
OracleOracle8i Versionenterprise_8.1.7_.1.0
OracleOracle8i Versionenterprise_8.1.7_.4
OracleOracle8i Versionstandard_8.0.6
OracleOracle8i Versionstandard_8.0.6_.3
OracleOracle8i Versionstandard_8.1.5
OracleOracle8i Versionstandard_8.1.6
OracleOracle8i Versionstandard_8.1.7
OracleOracle8i Versionstandard_8.1.7_.0.0
OracleOracle8i Versionstandard_8.1.7_.1
OracleOracle8i Versionstandard_8.1.7_.4
OracleOracle9i Versionclient_9.2.0.1
OracleOracle9i Versionclient_9.2.0.2
OracleOracle9i Versionenterprise_8.1.7
OracleOracle9i Versionenterprise_9.0.1
OracleOracle9i Versionenterprise_9.0.1.4
OracleOracle9i Versionenterprise_9.0.1.5
OracleOracle9i Versionenterprise_9.2.0
OracleOracle9i Versionenterprise_9.2.0.1
OracleOracle9i Versionenterprise_9.2.0.2
OracleOracle9i Versionenterprise_9.2.0.3
OracleOracle9i Versionenterprise_9.2.0.4
OracleOracle9i Versionenterprise_9.2.0.5
OracleOracle9i Versionpersonal_8.1.7
OracleOracle9i Versionpersonal_9.0.1
OracleOracle9i Versionpersonal_9.0.1.4
OracleOracle9i Versionpersonal_9.0.1.5
OracleOracle9i Versionpersonal_9.2
OracleOracle9i Versionpersonal_9.2.0.1
OracleOracle9i Versionpersonal_9.2.0.2
OracleOracle9i Versionpersonal_9.2.0.3
OracleOracle9i Versionpersonal_9.2.0.4
OracleOracle9i Versionpersonal_9.2.0.5
OracleOracle9i Versionstandard_8.1.7
OracleOracle9i Versionstandard_9.0
OracleOracle9i Versionstandard_9.0.1
OracleOracle9i Versionstandard_9.0.1.2
OracleOracle9i Versionstandard_9.0.1.3
OracleOracle9i Versionstandard_9.0.1.4
OracleOracle9i Versionstandard_9.0.1.5
OracleOracle9i Versionstandard_9.0.2
OracleOracle9i Versionstandard_9.2
OracleOracle9i Versionstandard_9.2.0.1
OracleOracle9i Versionstandard_9.2.0.2
OracleOracle9i Versionstandard_9.2.0.3
OracleOracle9i Versionstandard_9.2.0.4
OracleOracle9i Versionstandard_9.2.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.4% 0.577
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
Patch
Third Party Advisory
US Government Resource