5.5
CVE-2007-3854
- EPSS 2.53%
- Veröffentlicht 18.07.2007 19:30:00
- Zuletzt bearbeitet 16.06.2026 22:42:54
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Application Server Version1.0.2.2 Updater2
Oracle ≫ Application Server Version9.0.4.3
Oracle ≫ Application Server Version10.1.2.0.1
Oracle ≫ Application Server Version10.1.2.0.2
Oracle ≫ Application Server Version10.1.2.1.0
Oracle ≫ Application Server Version10.1.2.2.0
Oracle ≫ Application Server Version10.1.3.0.0
Oracle ≫ Application Server Version10.1.3.1.0
Oracle ≫ Application Server Version10.1.3.2.0
Oracle ≫ Application Server Version10.1.3.3.0
Oracle ≫ Collaboration Suite Version10.1.2
Oracle ≫ Database Server Version9.0.1.5 Editionfips
Oracle ≫ Database Server Version9.2.0.7 Updater2
Oracle ≫ Database Server Version9.2.0.8 Updater2
Oracle ≫ Database Server Version9.2.0.8dv Updater2
Oracle ≫ Database Server Version10.1.0.5
Oracle ≫ Database Server Version10.2.0.2 Updater2
Oracle ≫ Database Server Version10.2.0.3 Updater2
Oracle ≫ E-business Suite Version11.5.8
Oracle ≫ E-business Suite Version11.5.9
Oracle ≫ E-business Suite Version11.5.10
Oracle ≫ E-business Suite Version11.5.10.2
Oracle ≫ E-business Suite Version12.0.0
Oracle ≫ E-business Suite Version12.0.1
Oracle ≫ Peoplesoft Enterprise Human Capital Management Version8.9
Oracle ≫ Peoplesoft Enterprise Human Capital Management Version9.0
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.22
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.47
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.48
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.49
Oracle ≫ Secure Enterprise Search Version10.1.6
Oracle ≫ Secure Enterprise Search Version10.1.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.53% | 0.829 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143
http://secunia.com/advisories/26114
http://secunia.com/advisories/26166
http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf
http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html
http://www.securitytracker.com/id?1018415
http://www.us-cert.gov/cas/techalerts/TA07-200A.html
http://www.vupen.com/english/advisories/2007/2562
http://www.vupen.com/english/advisories/2007/2635
https://exchange.xforce.ibmcloud.com/vulnerabilities/35490
https://exchange.xforce.ibmcloud.com/vulnerabilities/35497