CVE-2004-1338

CWE-2643 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 46.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server Oracle Oracle9i

Timeline

PublishedDec 23

Latest updateApr 29

Description

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDoracle/oracle9i13 versions+12

▶NVDoracle/database_server10.2.1

Patches

Patch: www.ngssoftware.com ↗Patch: www.ngssoftware.com ↗

🔴Vulnerability Details

GHSA

GHSA-w7hr-v9m4-rf7p: The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or E↗2022-04-29

▶

CVEList

CVE-2004-1338: The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or E↗2005-01-06

▶