Vulnerability Name: CVE-2007-5511 (CCN-37309)
Assigned: 2007-10-16
Published: 2007-10-16
Updated: 2018-10-15
Summary: SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. Note: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
CVSS v3 Severity: 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
5.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Vulnerability Type: CWE-89
Vulnerability Consequences: Data Manipulation
References:
Source: MITRE Type: CNA CVE-2007-5511
Source: CCN Type: HP Security Bulletin HPSBMA02133 SSRT061201 rev.6 HP Oracle for OpenView (OfO) Critical Patch Update
Source: HP Type: UNKNOWN SSRT061201
Source: OSVDB Type: UNKNOWN 40079
Source: CCN Type: SA27251 Oracle Products Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 27251
Source: CCN Type: SA27409 HP Oracle for OpenView Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 27409
Source: SREASON Type: UNKNOWN 3245
Source: CCN Type: SECTRACK ID: 1018823 Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact
Source: CCN Type: NGSSoftware Insight Security Research Advisory NISR17102007B High Risk Vulnerability in Oracle Workspace Manager
Source: CCN Type: Oracle Critical Patch Update - October 2007 Oracle Critical Patch Update Advisory - October 2007
Source: CCN Type: OSVDB ID: 40079 Oracle Workspace Manager LT Package FINDRICSET Procedure SQL Injection
Source: BUGTRAQ Type: UNKNOWN 20071017 SQL Injection Flaw in Oracle Workspace Manager
Source: BID Type: UNKNOWN 26098
Source: CCN Type: BID-26098 Oracle Workspace Manager LT Package SQL Injection Vulnerability
Source: SECTRACK Type: UNKNOWN 1018823
Source: VUPEN Type: UNKNOWN ADV-2007-3524
Source: VUPEN Type: UNKNOWN ADV-2007-3626
Source: XF Type: UNKNOWN oracle-database-workspace-sql-injection(37309)
Source: EXPLOIT-DB Type: UNKNOWN 4570
Source: EXPLOIT-DB Type: UNKNOWN 4571
Source: EXPLOIT-DB Type: UNKNOWN 4572
Source: CCN Type: Rapid7 Vulnerability and Exploit Database [10-17-2007] Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable