Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0981Oracle Database 11G vulnerability

4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
32.8%
top 3.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Database 11G
Timeline
PublishedApr 15
Latest updateMay 2

Description

Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDoracle/database_11g11.1.0.7

🔴Vulnerability Details

2
GHSA
GHSA-pj8x-5x3r-98wr: Unspecified vulnerability in the Application Express component in Oracle Database 112022-05-02
CVEList
CVE-2009-0981: Unspecified vulnerability in the Application Express component in Oracle Database 112009-04-15

💥Exploits & PoCs

1
Exploit-DB
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes2009-04-16
CVE-2009-0981 — Oracle Database 11G vulnerability | cvebase