CVE-2002-2153Use of Externally-Controlled Format String in Oracle Application Server

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.5%
top 14.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Application Server
Timeline
PublishedDec 31
Latest updateApr 30

Description

Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDoracle/application_server4.0.8, 4.0.8.2+1

🔴Vulnerability Details

2
GHSA
GHSA-m9vh-455f-hcmr: Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 42022-04-30
CVEList
CVE-2002-2153: Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 42005-11-16
CVE-2002-2153 — Oracle Application Server vulnerability | cvebase