5.5
CVE-2008-3979
- EPSS 32.43%
- Veröffentlicht 14.01.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 22:56:56
- Quelle secalert_us@oracle.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Database 10g Version10.1.0.5
Oracle ≫ Database 10g Version10.2.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 32.43% | 0.981 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
http://secunia.com/advisories/33525
http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
http://www.securityfocus.com/bid/33177
http://www.securitytracker.com/id?1021561
http://www.vupen.com/english/advisories/2009/0115
http://osvdb.org/51354
http://www.securityfocus.com/archive/1/500061/100/0/threaded
https://www.exploit-db.com/exploits/8074