CyberSec.Space Logo
Back to CVE Browser

CVE-2019-2517

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile8.38th
PublishedApr 23, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFS_ROLE privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Affected Platforms (CPE)

📦
Oracle

Database Server

= 12.2.0.1
📦
Oracle

Database Server

= 18c

References & Advisories

🔗 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
🔗 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Related Vulnerabilities

CVE-2020-677910.0

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 a...

CVE-1999-000310.0

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-1999-074510.0

Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.