CVE-2007-3854

3 documents3 sources
Severity
5.5MEDIUM
EPSS
9.5%
top 7.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Oracle ApexOracle Application ServerOracle Collaboration Suite+6 more
Timeline
PublishedJul 18
Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages9 packages

NVDoracle/database_server7 versions+6
NVDoracle/apex4 versions+3
NVDoracle/e-business_suite6 versions+5
NVDoracle/application_server10 versions+9

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-47p6-9mfm-8c7j: Multiple unspecified vulnerabilities in Oracle Database 92022-05-01
CVEList
CVE-2007-3854: Multiple unspecified vulnerabilities in Oracle Database 92007-07-18
CVE-2007-3854 (MEDIUM CVSS 5.5) | Multiple unspecified vulnerabilitie | cvebase.io