CVE-2006-0547: Oracle Database Server vulnerability

6 documents, 3 sources
Severity: 7.5 HIGH (NVD)
NVD 6.0, CNA 10.0
EPSS: 9.0% (top 7.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 4
Latest update: May 1

Description

Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this iss

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: oracle/database_server, 8 versions

Vulnerability Details (4)

GHSA, 2022-05-01: GHSA-8pw7-9jfw-847q: Unspecified vulnerability in the Authentication component for Oracle Database 10
GHSA, 2022-05-01: GHSA-559x-r5hp-v76r: Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit l
CVEList, 2007-04-18: CVE-2007-2112: Unspecified vulnerability in the Authentication component for Oracle Database 10
CVEList, 2006-02-04: CVE-2006-0547: Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit l