CVE-2005-1496

3 documents3 sources
Severity
4.6MEDIUM
EPSS
1.4%
top 19.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Application ServerOracle Oracle10g
Timeline
PublishedMay 11
Latest updateMay 1

Description

The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDoracle/oracle10g9 versions+8
NVDoracle/application_server10.1.0.2, 10.1.0.3, 10.1.0.3.1+2

Patches

Patch: www.red-database-security.comPatch: www.red-database-security.com

🔴Vulnerability Details

2
GHSA
GHSA-wh9g-3hpf-7h7f: The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS2022-05-01
CVEList
CVE-2005-1496: The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS2005-05-11
CVE-2005-1496 (MEDIUM CVSS 4.6) | The DBMS_Scheduler in Oracle 10g al | cvebase.io