CVE-2008-2603

2008-07-1523:41:00

[email protected]

web.nvd.nist.gov

oracle

database

vulnerability

resource manager

cve-2008-2603

remote attack vector

xss

cross-site scripting

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

JSON

Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages.

Affected configurations

NVD

Node

oracleenterprise_managerMatch10.1.0.5

oracleenterprise_managerMatch10.2.0.4

oracleenterprise_managerMatch11.1.0.6

CPENameOperatorVersion
oracle:enterprise_manageroracle enterprise managereq10.1.0.5
oracle:enterprise_manageroracle enterprise managereq10.2.0.4
oracle:enterprise_manageroracle enterprise managereq11.1.0.6

CPE	Name	Operator	Version
oracle:enterprise_manager	oracle enterprise manager	eq	10.1.0.5
oracle:enterprise_manager	oracle enterprise manager	eq	10.2.0.4
oracle:enterprise_manager	oracle enterprise manager	eq	11.1.0.6