CVE-2009-0977 — SQL Injection in Oracle Database 10G

3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.7%

top 27.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database 10G Oracle Database 9I

Timeline

PublishedApr 15

Latest updateMay 2

Description

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages2 packages

▶NVDoracle/database_9i9.2.0.8, 9.2.0.8dv+1

▶NVDoracle/database_10g10.1.0.5, 10.2.0.3+1

🔴Vulnerability Details

GHSA

GHSA-5367-pj7f-p2xr: Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9↗2022-05-02

▶

CVEList

CVE-2009-0977: Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9↗2009-04-15

▶