CVE-2008-5440 — Use of Externally-Controlled Format String in Oracle Timesten In-memory Database

5 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.0%

top 16.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Timesten In-memory Database

Timeline

PublishedJan 14

Latest updateMay 14

Description

Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/timesten_in-memory_database7.0.5.0.0

🔴Vulnerability Details

GHSA

GHSA-h4hc-rm3c-w49f: Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7↗2022-05-14

▶

CVEList

CVE-2008-5440: Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7↗2009-01-14

▶

🕵️Threat Intelligence

Talos

Rule release for today - January 27th 2009↗2009-01-27

▶

Talos

Rule release for today - January 27th 2009↗2009-01-27

▶