Vulnerability Name: CVE-2004-1370 (CCN-18665) Assigned: 2004-08-04 Published: 2004-08-04 Updated: 2017-07-11 Summary: Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Privileges References: Source: CCNOracle multiple PL/SQL injection vulnerabilities (#NISR2122004H) CVE-2004-1370 20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H) 101782 Oracle Database Server contains several vulnerabilities VU#316206 http://www.ngssoftware.com/advisories/oracle23122004H.txt This security alert addresses security vulnerabilities in Oracles server products. http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf Oracle Multiple Procedure PL/SQL Injection Privilege Elevation 10871 Oracle Multiple Unspecified Vulnerabilities TA04-245A oracle-procedure-sql-injection(18665) oracle-procedure-sql-injection(18665) Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:application_server:*:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager:9:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:database_server:9.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.0.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.0.1.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.0.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.5:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.1:*:*:*:*:*:*:* BACK
oracle application server *
oracle application server 9.0.2
oracle application server 9.0.2.0.0
oracle application server 9.0.2.0.1
oracle application server 9.0.2.1
oracle application server 9.0.2.2
oracle application server 9.0.2.3
oracle application server 9.0.3
oracle application server 9.0.3.1
oracle application server 9.0.4
oracle application server 9.0.4.0
oracle application server 9.0.4.1
oracle collaboration suite release_1
oracle e-business suite 11.5.1
oracle e-business suite 11.5.2
oracle e-business suite 11.5.3
oracle e-business suite 11.5.4
oracle e-business suite 11.5.5
oracle e-business suite 11.5.6
oracle e-business suite 11.5.7
oracle e-business suite 11.5.8
oracle e-business suite 11.5.9
oracle enterprise manager 9
oracle enterprise manager 9.0.1
oracle enterprise manager database control 10.1.2
oracle enterprise manager grid control 10.1.0.2
oracle oracle10g enterprise_9.0.4_.0
oracle oracle10g enterprise_10.1.0.2
oracle oracle10g personal_9.0.4_.0
oracle oracle10g personal_10.1_.0.2
oracle oracle10g standard_9.0.4_.0
oracle oracle10g standard_10.1_.0.2
oracle oracle8i enterprise_8.0.5_.0.0
oracle oracle8i enterprise_8.0.6_.0.0
oracle oracle8i enterprise_8.0.6_.0.1
oracle oracle8i enterprise_8.1.5_.0.0
oracle oracle8i enterprise_8.1.5_.0.2
oracle oracle8i enterprise_8.1.5_.1.0
oracle oracle8i enterprise_8.1.6_.0.0
oracle oracle8i enterprise_8.1.6_.1.0
oracle oracle8i enterprise_8.1.7_.0.0
oracle oracle8i enterprise_8.1.7_.1.0
oracle oracle8i enterprise_8.1.7_.4
oracle oracle8i standard_8.0.6
oracle oracle8i standard_8.0.6_.3
oracle oracle8i standard_8.1.5
oracle oracle8i standard_8.1.6
oracle oracle8i standard_8.1.7
oracle oracle8i standard_8.1.7_.0.0
oracle oracle8i standard_8.1.7_.1
oracle oracle8i standard_8.1.7_.4
oracle oracle9i client_9.2.0.1
oracle oracle9i client_9.2.0.2
oracle oracle9i enterprise_8.1.7
oracle oracle9i enterprise_9.0.1
oracle oracle9i enterprise_9.0.1.4
oracle oracle9i enterprise_9.0.1.5
oracle oracle9i enterprise_9.2.0
oracle oracle9i enterprise_9.2.0.1
oracle oracle9i enterprise_9.2.0.2
oracle oracle9i enterprise_9.2.0.3
oracle oracle9i enterprise_9.2.0.4
oracle oracle9i enterprise_9.2.0.5
oracle oracle9i personal_8.1.7
oracle oracle9i personal_9.0.1
oracle oracle9i personal_9.0.1.4
oracle oracle9i personal_9.0.1.5
oracle oracle9i personal_9.2
oracle oracle9i personal_9.2.0.1
oracle oracle9i personal_9.2.0.2
oracle oracle9i personal_9.2.0.3
oracle oracle9i personal_9.2.0.4
oracle oracle9i personal_9.2.0.5
oracle oracle9i standard_8.1.7
oracle oracle9i standard_9.0
oracle oracle9i standard_9.0.1
oracle oracle9i standard_9.0.1.2
oracle oracle9i standard_9.0.1.3
oracle oracle9i standard_9.0.1.4
oracle oracle9i standard_9.0.1.5
oracle oracle9i standard_9.0.2
oracle oracle9i standard_9.2
oracle oracle9i standard_9.2.0.1
oracle oracle9i standard_9.2.0.2
oracle oracle9i standard_9.2.0.3
oracle oracle9i standard_9.2.0.4
oracle oracle9i standard_9.2.0.5
oracle database server 9.0.1
oracle database server 9.0.2.4
oracle database server 10.1.0.2
oracle database server 9.0.1.4
oracle database server 9.0.1.5
oracle database server 9.0.2.4
oracle database server 9.2
oracle database server 9.2.0.1
oracle database server 9.2.0.2
oracle database server 9.2.0.3
oracle database server 9.2.0.5
oracle database server 9.2.2
oracle database server 9.2.0.1
Denotes that component is vulnerable