CVE-2007-2115SQL Injection in Oracle Database Server

3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
3.9%
top 11.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedApr 18
Latest updateMay 1

Description

Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDoracle/database_server10.1.0.5, 10.2.0.2, 9.2.0.7+2

🔴Vulnerability Details

2
GHSA
GHSA-w8qx-8wv5-cfpj: Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 92022-05-01
CVEList
CVE-2007-2115: Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 92007-04-18
CVE-2007-2115 — SQL Injection in Oracle Database Server | cvebase