CVE-2017-3240Sensitive Information Exposure in Oracle Database

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 84.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle DatabaseOracle Database Server
Timeline
PublishedJan 27
Latest updateMay 17

Description

Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5oracle/oracle_database12.1.0.2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-c96v-9339-qhf6: Vulnerability in the RDBMS Security component of Oracle Database Server2022-05-17
CVEList
CVE-2017-3240: Vulnerability in the RDBMS Security component of Oracle Database Server2017-01-27
CVE-2017-3240 — Sensitive Information Exposure | cvebase