CVE-2008-5448
Published 2009-01-14
Priority: P265 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 38.57% (98.4th percentile)
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | secure_backup | — | — |
Detection & IOCs (extracted from sources)
- This CVE affects Oracle Secure Backup versions 10.1.0.3 through 10.2.0.2 via a command injection vulnerability in the exec_qr() function.
- The NVD source (DOC 1) describes CVE-2008-5444, not CVE-2008-5448, and notes it is a *different* vulnerability than CVE-2008-5448 and CVE-2008-5449 — no direct technical detail for CVE-2008-5448 is present in the provided sources.
- The Metasploit module (DOC 2) targets exec_qr() command injection but is attributed to CVE-2008-5448 only by association with the Oracle Secure Backup 10.1.0.3–10.2.0.2 affected range; the module filename is osb_execqr.rb.
GHSA
GHSA-f7pp-x8v9-66hm: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2008-5444 [CRITICAL] GHSA-f7pp-x8v9-66hm: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-2008-5449.
GHSA
GHSA-x6hv-vghf-34rm: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2008-5449 [CRITICAL] GHSA-x6hv-vghf-34rm: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5448.
GHSA
GHSA-qpj8-xcmr-qg4j: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2008-5448 [CRITICAL] GHSA-qpj8-xcmr-qg4j: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.
No detection rules found.
Talos
Rule release for today - January 27th 2009
blogs_talos·2009-01-27·CVSS 10.0
CVE-2008-4006 [CRITICAL] Rule release for today - January 27th 2009
## Rule release for today - January 27th 2009
Large batch of Oracle vulnerabilities today. We've had to work through these carefully as details were pretty scant. Here's what we released:
- Oracle Secure Backup Command Injection (CVE-2008-4006)
- Oracle BPEL Injection (CVE-2008-4014)
- Oracle Secure Backup Command Injection (CVE-2008-5440)
- Oracle Secure Backup Buffer Overflow (CVE-2008-5444)
- Oracle Secure Backup Command Injection (CVE-2008-5448)
- Oracle Secure Backup Command Injection (CVE-2008-5449)
- Oracle BEA WebLogic Denial of Service (CVE-2008-5457)
More details can be found here: http://www.snort.org/vrt/advisories/vrt-rules-2009-01-27.html
- http://secunia.com/advisories/33525
- http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
- http://www.securityfocus.com/bid/33177
- http://www.vupen.com/english/advisories/2009/0115