6.3 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
27.2%
Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library.
CPE | Name | Operator | Version |
---|---|---|---|
database_server | eq | 10.2.0.4 | |
database_server | eq | 11.1.0.6 |
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143
labs.idefense.com/intelligence/vulnerabilities/display.php?id=727
secunia.com/advisories/31087
secunia.com/advisories/31113
www.oracle.com/technetwork/topics/security/cpujul2008-090335.html
www.securityfocus.com/archive/1/494544/100/0/threaded
www.securitytracker.com/id?1020499
www.vupen.com/english/advisories/2008/2109/references
www.vupen.com/english/advisories/2008/2115