CVE-2006-1870 — Oracle Database Server vulnerability

6 documents3 sources

Severity

9.0CRITICALNVD

NVD4.6

EPSS

3.4%

top 12.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedApr 20

Latest updateMay 1

Description

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln# DB05. NOTE: details are unavailable from Oracle, but as of 20060427, they have not publicly commented on whether DB05 is the same issue as CVE-2006-2081.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server5 versions+4

Patches

Patch: securitytracker.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-7jg3-5w3h-9634: Unspecified vulnerability in Oracle Database Server 8↗2022-05-01

▶

GHSA

GHSA-3r8p-382h-8p7p: Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT↗2022-05-01

▶

CVEList

CVE-2006-2081: Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT↗2006-04-27

▶

CVEList

CVE-2006-1870: Unspecified vulnerability in Oracle Database Server 8↗2006-04-20

▶