CVE-2007-0268 — Oracle Database Server vulnerability

3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

4.6%

top 10.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedJan 17

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNA…

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/database_server10.1.0.5, 9.0.1.5, 9.2.0.7+2

Patches

Patch: secunia.com ↗Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-cpmc-6m46-x7gx: Multiple unspecified vulnerabilities in Oracle Database 9↗2022-05-01

▶

CVEList

CVE-2007-0268: Multiple unspecified vulnerabilities in Oracle Database 9↗2007-01-17

▶