CVE-2014-4289

2014-10-1515:55:06

oracle

web.nvd.nist.gov

cve-2014-4289

oracle

database server

jdbc component

confidentiality

integrity

remote authentication

nvd

CVSS2

3.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

AI Score

5.6

Confidence

Low

EPSS

0.001

Percentile

35.2%

JSON

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-6544.

Affected configurations

Nvd

Node

oracledatabase_serverMatch11.1.0.7

oracledatabase_serverMatch11.2.0.3

oracledatabase_serverMatch11.2.0.4

oracledatabase_serverMatch12.1.0.1

VendorProductVersionCPE
oracledatabase_server11.1.0.7cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*
oracledatabase_server11.2.0.3cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*
oracledatabase_server11.2.0.4cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
oracledatabase_server12.1.0.1cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	database_server	11.1.0.7	cpe:2.3:a:oracle:database_server:11.1.0.7:::::::*
oracle	database_server	11.2.0.3	cpe:2.3:a:oracle:database_server:11.2.0.3:::::::*
oracle	database_server	11.2.0.4	cpe:2.3:a:oracle:database_server:11.2.0.4:::::::*
oracle	database_server	12.1.0.1	cpe:2.3:a:oracle:database_server:12.1.0.1:::::::*