CVE-2009-0992SQL Injection in Oracle Database 10G

3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.6%
top 29.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Database 10GOracle Database 11G
Timeline
PublishedApr 15
Latest updateMay 2

Description

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages2 packages

NVDoracle/database_10g10.1.0.5, 10.2.0.4+1
NVDoracle/database_11g11.1.0.7

🔴Vulnerability Details

2
GHSA
GHSA-hg52-c72h-rv36: Unspecified vulnerability in the Advanced Queuing component in Oracle Database 102022-05-02
CVEList
CVE-2009-0992: Unspecified vulnerability in the Advanced Queuing component in Oracle Database 102009-04-15
CVE-2009-0992 — SQL Injection in Oracle Database 10G | cvebase