CVE-2006-0271

4 documents, 4 sources

Severity: 10.0 CRITICAL
EPSS: 1.6% (top 18.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 18; Latest update May 1

Description

Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS,

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (4 packages)

NVD | oracle/oracle8i | enterprise_8.1.7.4, standard_8.1.7.4 +1
NVD | oracle/oracle9i | enterprise_9.0.1.5, standard_9.2.0.7 +1
NVD | oracle/oracle10g | enterprise_10.1.0.4, personal_10.1.0.4, standard_10.1.0.4 +2

🔴 Vulnerability Details (2)

GHSA | GHSA-phg8-vw44-8h8q: Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8 | 2022-05-01
CVEList | CVE-2006-0271: Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8 | 2006-01-18

💬 Community (1)

Bugzilla | CVE-2006-1354 FreeRADIUS authentication bypass | 2006-03-21