CVE-2007-2112 — Oracle Database Server vulnerability

3 documents3 sources
Severity
6.0MEDIUMNVD
CNA7.5
EPSS
12.4%
top 6.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedApr 18
Latest updateMay 1

Description

Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the AUTH_ALTER_SESSION security policies via a logon trigger ("AFTER LOGON ON DATABASE" trigger directive), a related issue to CVE-2006-0547.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

â–¶NVDoracle/database_server10.1.0.5, 10.2.0.3+1

🔴Vulnerability Details

2
GHSA
GHSA-8pw7-9jfw-847q: Unspecified vulnerability in the Authentication component for Oracle Database 10↗2022-05-01
â–¶
CVEList
CVE-2007-2112: Unspecified vulnerability in the Authentication component for Oracle Database 10↗2007-04-18
â–¶
CVE-2007-2112 — Oracle Database Server vulnerability | cvebase