CVE-2007-3855

2007-07-1819:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3855

oracle database

unspecified vulnerabilities

remote authenticated users

dataguard

pl/sql

spatial component

sql compiler

nvd

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.928 High

EPSS

Percentile

99.0%

JSON

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.

CPENameOperatorVersion
oracle:database_serveroracle database servereq9.2.0.8
oracle:database_serveroracle database servereq9.2.0.8dv
oracle:database_serveroracle database servereq9.0.1.5
oracle:database_serveroracle database servereq10.2.0.3
oracle:database_serveroracle database servereq10.1.0.5

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	9.2.0.8
oracle:database_server	oracle database server	eq	9.2.0.8dv
oracle:database_server	oracle database server	eq	9.0.1.5
oracle:database_server	oracle database server	eq	10.2.0.3
oracle:database_server	oracle database server	eq	10.1.0.5