Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1977

4 documents4 sources

Severity

10.0CRITICAL

EPSS

83.9%

top 0.70%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Secure Backup

Timeline

PublishedJul 14

Latest updateMay 2

Description

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/secure_backup10.2.0.3

🔴Vulnerability Details

GHSA

GHSA-654f-pfp4-h5x6: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10↗2022-05-02

▶

CVEList

CVE-2009-1977: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10↗2009-07-14

▶

💥Exploits & PoCs

Exploit-DB

Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection↗2009-09-14

▶