7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.897 High
EPSS
Percentile
98.7%
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
www.appsecinc.com/resources/alerts/oracle/2005-02.html
www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt
www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql
www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf
www.securityfocus.com/archive/1/396133
www.securityfocus.com/archive/1/404970
www.securityfocus.com/bid/13236
exchange.xforce.ibmcloud.com/vulnerabilities/20159