cbcvebase.
CVE-2008-5448
published 2009-01-14

CVE-2008-5448: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity…

PriorityP265critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
38.57%
98.4th percentile
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.

Affected

1 ranges
VendorProductVersion rangeFixed in
oraclesecure_backup

Detection & IOCsextracted from sources · hover to see the quote

  • This CVE affects Oracle Secure Backup versions 10.1.0.3 through 10.2.0.2 via a command injection vulnerability in the exec_qr() function
  • ·The NVD source (DOC 1) describes CVE-2008-5444, not CVE-2008-5448, and notes it is a *different* vulnerability than CVE-2008-5448 and CVE-2008-5449 — no direct technical detail for CVE-2008-5448 is present in the provided sources.
  • ·The Metasploit module (DOC 2) targets exec_qr() command injection but is attributed to CVE-2008-5448 only by association with the Oracle Secure Backup 10.1.0.3–10.2.0.2 affected range; the module filename is osb_execqr.rb.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.