CVE-2004-1368

3 documents3 sources

Severity

7.8HIGH

EPSS

5.3%

top 9.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server Oracle Collaboration Suite Oracle E-business Suite +6 more

Timeline

PublishedAug 4

Latest updateApr 29

Description

ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages9 packages

▶NVDoracle/application_server11 versions+10

▶NVDoracle/oracle8i19 versions+18

▶NVDoracle/oracle9i36 versions+35

▶NVDoracle/oracle10g6 versions+5

▶NVDoracle/e-business_suite9 versions+8

Patches

Patch: www.ngssoftware.com ↗Patch: www.securityfocus.com ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-5q2v-98f2-hvgp: ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the lo↗2022-04-29

▶

CVEList

CVE-2004-1368: ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the lo↗2005-01-19

▶