CVE-2008-1811 — Oracle Application Express vulnerability

4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.8%

top 26.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Express

Timeline

PublishedApr 16

Latest updateMay 1

Description

Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that APEX01 is for insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, allowing privilege escalation by certain non-DBA remote aut…

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDoracle/application_express3.0.1

🔴Vulnerability Details

GHSA

GHSA-c5jc-2g4g-h22j: Unspecified vulnerability in Oracle Application Express 3↗2022-05-01

▶

CVEList

CVE-2008-1811: Unspecified vulnerability in Oracle Application Express 3↗2008-04-16

▶

💬Community

Bugzilla

CVE-2008-2719 nasm: off-by-one error in the ppscan function↗2008-06-18

▶