Back to CVE Browser

CVE-2017-10282

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1430%

EPSS Percentile32.11th

PublishedJan 18, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Affected Platforms (CPE)

📦

Oracle

Database Server

= 12.1.0.2

📦

Oracle

Database Server

= 12.2.0.1

References & Advisories

🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

🔗 http://www.securityfocus.com/bid/102534

🔗 http://www.securitytracker.com/id/1040196

🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

🔗 http://www.securityfocus.com/bid/102534

🔗 http://www.securitytracker.com/id/1040196

Related Vulnerabilities

CVE-2020-677910.0

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 a...

CVE-1999-000310.0

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-1999-074510.0

Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.