CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-10282

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1430%
EPSS Percentile32.11th
Published2018年1月18日
Last Modified2024年11月21日

Vulnerability Description

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Affected Platforms (CPE)

📦
Oracle

Database Server

= 12.1.0.2
📦
Oracle

Database Server

= 12.2.0.1

References & Advisories

🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
🔗 http://www.securityfocus.com/bid/102534
🔗 http://www.securitytracker.com/id/1040196
🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
🔗 http://www.securityfocus.com/bid/102534
🔗 http://www.securitytracker.com/id/1040196

関連する脆弱性情報

CVE-2020-677910.0

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 a...

CVE-1999-000310.0

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-1999-074510.0

Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.