Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3855Oracle Database Server vulnerability

5 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
33.0%
top 3.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Database Server
Timeline
PublishedJul 18
Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDoracle/database_server5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-gm9q-2pmp-cv6h: Multiple unspecified vulnerabilities in Oracle Database 92022-05-01
CVEList
CVE-2007-3855: Multiple unspecified vulnerabilities in Oracle Database 92007-07-18

💥Exploits & PoCs

2
Exploit-DB
Oracle 9i/10g - Evil Views Change Passwords2007-07-19
Exploit-DB
Oracle Database - SQL Compiler Views Unauthorized Manipulation2007-07-12
CVE-2007-3855 — Oracle Database Server vulnerability | cvebase