6.8

CVE-2007-2108

EPSS 32.86%
Published 18.04.2007 18:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01.  NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows

Oracle ≫ Database Server Version9.0.1.5

Oracle ≫ Database Server Version9.2.0.8

Oracle ≫ Database Server Version10.1.0.5

Oracle ≫ Database Server Version10.2.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	32.86%	0.965

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.ngssoftware.com/papers/database-on-xp.pdf

http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf

http://www.kb.cert.org/vuls/id/809457

US Government Resource

http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf

http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html

http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html

http://www.securityfocus.com/archive/1/466329/100/200/threaded

http://www.securityfocus.com/bid/23532

http://www.securitytracker.com/id?1017927

http://www.us-cert.gov/cas/techalerts/TA07-108A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/1426

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-2108

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2108

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2108

EUVD