Lucene search

K
cve[email protected]CVE-2006-3705
HistoryJul 21, 2006 - 2:03 p.m.

CVE-2006-3705

2006-07-2114:03:00
NVD-CWE-noinfo
web.nvd.nist.gov
17
cve-2006-3705
oracle database
vulnerabilities
oracle vuln
sql injection
sys.dbms_stats
sys.dbms_upgrade

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.3%

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE.

References

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.3%

Related for CVE-2006-3705