CVE-2019-2799Corporation Odbc Driver vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 24.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Odbc DriverOracle Database Server
Timeline
PublishedJul 23
Latest updateMay 24

Description

Vulnerability in the Oracle ODBC Driver component of Oracle Database Server ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Win

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5oracle_corporation/odbc_driver4 versions+3
NVDoracle/database_server4 versions+3

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-3362-4fq6-j3mc: Vulnerability in the Oracle ODBC Driver component of Oracle Database Server ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***2022-05-24
CVEList
CVE-2019-2799: Vulnerability in the Oracle ODBC Driver component of Oracle Database Server ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***2019-07-23
CVE-2019-2799 — Corporation Odbc Driver vulnerability | cvebase