PT-2017-1145 · Oracle · Oracle Database Server+1

Published

2017-01-27

Updated

2017-07-26

CVE-2017-3240

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle Database Server version 12.1.0.2

Description The issue is related to the RDBMS Security component of Oracle Database Server, where an easily exploitable vulnerability allows a low-privileged attacker with local logon privilege to compromise RDBMS Security. This can result in unauthorized read access to a subset of RDBMS Security accessible data. The vulnerability is associated with a lack of protection for service data.

Recommendations For version 12.1.0.2, update to a version that includes a fix for this issue to prevent unauthorized read access to RDBMS Security data. As a temporary workaround, consider restricting access to the RDBMS Security component to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2017-00242

CVE-2017-3240

Affected Products

Oracle Database

Oracle Database Server

PT-2017-1145 · Oracle · Oracle Database Server+1

CVE-2017-3240

Weakness Enumeration

Related Identifiers

Affected Products

References · 6