ERPScanERPSCAN-09-010Oracle Database 10G CTXSYS.DRVXTABX — PLSQL Injection
3.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:P/A:N
0.434 Medium
EPSS
Percentile
97.0%
Application: Oracle Database 10G **Versions Affected:**Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL:<http://oracle.com> **Bugs:**PL/SQL Injections **Exploits:**YES **Reported:**29.01.2008 **Vendor response:**31.01.2008 **CVE:**CVE-2009-1991 **SVSS2:**3.6 **Date of Public Advisory:**26.10.2009 **Solution:**YES (Non official) Author: Alexandr Polyakov
Description
Oracle Database 10G and 9g are vulnerable to PL/SQL Injection. PL/SQL Injection found in the following procedure ctxsys.drvxtabc.create_tables
Business Risk
Legal database user can escalate privileges and gain unauthorized access to business-critical data.
Related
3.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:P/A:N
0.434 Medium
EPSS
Percentile
97.0%