CVE-2014-6477Sensitive Information Exposure in Oracle Database Server

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
6.8MEDIUMNVD
CNA4.0
EPSS
0.2%
top 63.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedNov 23
Latest updateMay 17

Description

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

NVDoracle/database_server5 versions+4

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-vrjg-j6j3-cjqv: Unspecified vulnerability in the JPublisher component in Oracle Database Server 112022-05-17
CVEList
CVE-2014-6477: Unspecified vulnerability in the JPublisher component in Oracle Database Server 112014-11-23

💬Community

2
Bugzilla
CVE-2013-6483 CVE-2013-6482 CVE-2013-6481 CVE-2013-6487 CVE-2013-6485 CVE-2013-6484 CVE-2013-6489 CVE-2014-0020 CVE-2013-6477 CVE-2012-6152 CVE-2013-6478 CVE-2013-6479 CVE-2013-6490 pidgin: various fl2014-01-29
Bugzilla
CVE-2013-6477 pidgin: DoS when handling timestamps in the XMPP plugin2014-01-22
CVE-2014-6477 — Sensitive Information Exposure | cvebase