PT-2017-11118 · Oracle · Oracle Database Server+1

Published

2017-08-08

Updated

2019-10-03

CVE-2017-10120

CVSS v3.1

1.9

Low

Vector

AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Database Server version 12.1.0.2

Description The issue affects the RDBMS Security component of Oracle Database Server, allowing a high-privileged attacker with Create Session and Select Any Dictionary privileges to compromise RDBMS Security. This can result in unauthorized update, insert, or delete access to some RDBMS Security accessible data. The vulnerability is difficult to exploit and requires logon to the infrastructure where RDBMS Security executes.

Recommendations For Oracle Database Server version 12.1.0.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-10120

Affected Products

Oracle Database

Oracle Database Server

PT-2017-11118 · Oracle · Oracle Database Server+1

CVE-2017-10120

Related Identifiers

Affected Products

References · 5