CVE-2014-6541

2015-01-2115:28:00

oracle

web.nvd.nist.gov

cve-2014-6541

oracle database server

unspecified vulnerability

recovery component

windows

dbms_ir

nvd

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:C/I:N/A:N

AI Score

5.3

Confidence

Low

EPSS

0.001

Percentile

44.9%

JSON

Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR.

Affected configurations

Nvd

Node

oracledatabase_serverMatch11.1.0.7

oracledatabase_serverMatch11.2.0.3

oracledatabase_serverMatch11.2.0.4

oracledatabase_serverMatch12.1.0.1

oracledatabase_serverMatch12.1.0.2

VendorProductVersionCPE
oracledatabase_server11.1.0.7cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*
oracledatabase_server11.2.0.3cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*
oracledatabase_server11.2.0.4cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
oracledatabase_server12.1.0.1cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*
oracledatabase_server12.1.0.2cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	database_server	11.1.0.7	cpe:2.3:a:oracle:database_server:11.1.0.7:::::::*
oracle	database_server	11.2.0.3	cpe:2.3:a:oracle:database_server:11.2.0.3:::::::*
oracle	database_server	11.2.0.4	cpe:2.3:a:oracle:database_server:11.2.0.4:::::::*
oracle	database_server	12.1.0.1	cpe:2.3:a:oracle:database_server:12.1.0.1:::::::*
oracle	database_server	12.1.0.2	cpe:2.3:a:oracle:database_server:12.1.0.2:::::::*