Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0888Oracle Database Server vulnerability

5 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.4%
top 39.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Oracle Database ServerOracle Oracle8i
Timeline
PublishedAug 16
Latest updateApr 30

Description

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDoracle/oracle8i5 versions+4
NVDoracle/database_server7.3.3, 7.3.4+1

🔴Vulnerability Details

2
GHSA
GHSA-w5qw-2qqp-q5cr: dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find2022-04-30
CVEList
CVE-1999-0888: dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find2000-04-18

💥Exploits & PoCs

2
Exploit-DB
Oracle 8 8.1.5 - Intelligent Agent (1)1999-08-16
Exploit-DB
Oracle 8 8.1.5 - Intelligent Agent (2)1999-08-16
CVE-1999-0888 — Oracle Database Server vulnerability | cvebase