CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-2517

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile8.38th
Published2019年4月23日
Last Modified2024年11月21日

Vulnerability Description

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFS_ROLE privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Affected Platforms (CPE)

📦
Oracle

Database Server

= 12.2.0.1
📦
Oracle

Database Server

= 18c

References & Advisories

🔗 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
🔗 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

相關漏洞威脅

CVE-2020-677910.0

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 a...

CVE-1999-000310.0

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-1999-074510.0

Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.