| Vulnerability Name: | CVE-2003-1193 (CCN-13593) | ||||||||
| Assigned: | 2003-11-03 | ||||||||
| Published: | 2003-11-03 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR05112003 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS Source: MITRE Type: CNA CVE-2003-1193 Source: CCN Type: Oracle Security Alert #61 SQL Injection Vulnerability in Oracle9i Application Server Source: CONFIRM Type: Patch http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf Source: CCN Type: CIAC Information Bulletin O-017 Oracle SQL Injection Vulnerability in Oracle9i Application Server Source: CCN Type: OSVDB ID: 2763 Oracle Application Server Multiple Portal Component Unspecified SQL Injection Source: BUGTRAQ Type: Patch, Vendor Advisory 20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003) Source: BID Type: Vendor Advisory 8966 Source: CCN Type: BID-8966 Oracle9iAS Portal Component SQL Injection Vulnerability Source: XF Type: UNKNOWN oracle-portal-sql-injection(13593) Source: XF Type: UNKNOWN oracle-portal-sql-injection(13593) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||