Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2415Oracle Database Server vulnerability

4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
36.5%
top 2.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Database Server
Timeline
PublishedOct 14
Latest updateMay 17

Description

Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages1 packages

NVDoracle/database_server4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-pwg3-j5p7-grph: Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 102022-05-17
CVEList
CVE-2010-2415: Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 102010-10-13

💥Exploits & PoCs

1
Metasploit
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
CVE-2010-2415 — Oracle Database Server vulnerability | cvebase