6.8

CVE-2007-2108

EPSS 32.86%
Veröffentlicht 18.04.2007 18:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01.  NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows

Oracle ≫ Database Server Version9.0.1.5

Oracle ≫ Database Server Version9.2.0.8

Oracle ≫ Database Server Version10.1.0.5

Oracle ≫ Database Server Version10.2.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	32.86%	0.965

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.ngssoftware.com/papers/database-on-xp.pdf

http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf

http://www.kb.cert.org/vuls/id/809457

US Government Resource

http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf

http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html

http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html

http://www.securityfocus.com/archive/1/466329/100/200/threaded

http://www.securityfocus.com/bid/23532

http://www.securitytracker.com/id?1017927

http://www.us-cert.gov/cas/techalerts/TA07-108A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/1426

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-2108

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2108

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2108

EUVD