CVE-2008-2625

3 documents3 sources
Severity
4.0MEDIUM
EPSS
0.5%
top 35.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Database 10GOracle Database 9I
Timeline
PublishedOct 14
Latest updateMay 1

Description

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages2 packages

NVDoracle/database_9i9.2.0.8, 9.2.0.8dv+1
NVDoracle/database_10g10.1.0.5, 10.2.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-6826-c5xm-mv7f: Unspecified vulnerability in the Core RDBMS component in Oracle Database 92022-05-01
CVEList
CVE-2008-2625: Unspecified vulnerability in the Core RDBMS component in Oracle Database 92008-10-14
CVE-2008-2625 (MEDIUM CVSS 4) | Unspecified vulnerability in the Co | cvebase.io