Lucene search
PRIOn knowledge basePRION:CVE-2015-0393HistoryJan 21, 2015 - 6:59 p.m.
Code injection
2015-01-2118:59:00
PRIOn knowledge base
www.prio-n.com
2
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher’s claim that the PUBLIC role is granted the INDEX privilege for the DUAL table during a “seeded install,” which allows remote authenticated users to gain SYSDBA privileges and execute arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| e-business_suite | eq | 12.0.6 | |
| e-business_suite | eq | 12.2.3 | |
| e-business_suite | eq | 11.5.10.2 | |
| e-business_suite | eq | 12.1.3 | |
| e-business_suite | eq | 12.2.2 | |
| e-business_suite | eq | 12.2.4 |
Related
cvelist
cvelist
CVE-2015-0393
2015-01-21 18:00:00
cve
cve
CVE-2015-0393
2015-01-21 18:59:36
nvd
nvd
CVE-2015-0393
2015-01-21 18:59:36
threatpost
threatpost
January 2015 Oracle Critical Patch update
2015-01-21 09:47:21
thn
thn
Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities
2015-01-21 08:36:00
nessus
nessus
Oracle E-Business Multiple Vulnerabilities (January 2015 CPU)
2015-01-23 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-01-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00