CVE-2009-0978
Published 2009-04-15
Priority P3 · 40 · medium
CVSS 2.0: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
EXPLOIT
EPSS: 17.87% (96.8th percentile)
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | database_10g | — | — |
| oracle | database_11g | — | — |
Detection & IOCs
- Exploitation targets the ROLLBACKWORKSPACE procedure within the PL/SQL package SYS.LT; monitor for SQL injection attempts against this specific procedure.
- Any Oracle DB user with EXECUTE privilege on SYS.LT is a potential attacker; audit and restrict EXECUTE grants on SYS.LT to least-privilege principals.
- Affected versions are Oracle Database 10.2.0.4 and 11.1.0.6; scope detection rules to these specific version strings in DB audit logs or banner grabs.
- The vulnerability is described as 'unspecified' by Oracle; attack vectors beyond the known SYS.LT.ROLLBACKWORKSPACE SQL injection path may exist and are not publicly documented.
- This CVE is distinct from CVE-2009-0975, which affects the same Workspace Manager component; ensure detection and patching cover both vulnerabilities independently.
GHSA
GHSA-3rh3-x38g-8fjx: Unspecified vulnerability in the Workspace Manager component in Oracle Database 10
ghsa_unreviewed·2022-05-02·CVSS 5.5
CVE-2009-0978 [MEDIUM] GHSA-3rh3-x38g-8fjx: Unspecified vulnerability in the Workspace Manager component in Oracle Database 10
GHSA
GHSA-fhf8-78f6-2vv8: Unspecified vulnerability in the Workspace Manager component in Oracle Database 10
ghsa_unreviewed·2022-05-02·CVSS 5.5
CVE-2009-0975 [MEDIUM] GHSA-fhf8-78f6-2vv8: Unspecified vulnerability in the Workspace Manager component in Oracle Database 10
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0978.
References
- http://osvdb.org/53734
- http://secunia.com/advisories/34693
- http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
- http://www.securityfocus.com/bid/34461
- http://www.securitytracker.com/id?1022052
- http://www.us-cert.gov/cas/techalerts/TA09-105A.html