TROYANOSYVIRUS
Voltar para CVEs

CVE-2017-10261

N/A

Descricao

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 5.5 with scope Unchanged. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado10/19/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

oracle:database

Fraquezas (CWE)

CWE-200

Referencias

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html(secalert_us@oracle.com)
http://www.securityfocus.com/bid/101344(secalert_us@oracle.com)
http://www.securitytracker.com/id/1039591(secalert_us@oracle.com)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/101344(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039591(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.