PT-2015-1810 · Oracle · Oracle Data Quality+1

Published

2015-03-13

Updated

2015-07-16

CVE-2015-0445

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle Data Integrator versions (affected versions not specified) Oracle Data Quality versions (affected versions not specified)

Description The issue exists due to incorrect restriction of a directory path name with limited access in an Oracle subcomponent. Exploitation of this issue may allow a remote attacker to compromise the integrity, availability, and confidentiality of information.

Recommendations For Oracle Data Integrator, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Oracle Data Quality, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2015-11156

CVE-2015-0445

ZDI-15-104

Affected Products

Oracle Data Integrator

Oracle Data Quality

PT-2015-1810 · Oracle · Oracle Data Quality+1

CVE-2015-0445

Weakness Enumeration

Related Identifiers

Affected Products

References · 5