Vulnerability CVE-2010-4420

Vulnerability Name:

CVE-2010-4420 (CCN-64760)

Assigned:

2010-12-06

Published:

2011-01-19

Updated:

2017-08-17

Summary:

Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
2.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-4420

Source: CCN
Type: SA42895
Oracle Database Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
42895

Source: CCN
Type: SECTRACK ID: 1024972
Oracle Database Bugs Let Remote Users Partially Obtain and Modify Data and Cause Partial Denial of Service Conditions

Source: CCN
Type: Oracle Critical Patch Update Advisory - January 2011
Oracle Critical Patch Update Advisory - January 2011

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Source: CCN
Type: OSVDB ID: 70555
Oracle Database Server Database Vault GIF Filename Local Session ID Disclosure Weakness

Source: BID
Type: UNKNOWN
45855

Source: CCN
Type: BID-45855
Oracle Database Server Database Vault Local Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1024972

Source: VUPEN
Type: UNKNOWN
ADV-2011-0139

Source: XF
Type: UNKNOWN
oracle-db-vault-unspecified(64760)

Source: XF
Type: UNKNOWN
oracle-db-vault-unspecified(64760)

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:11.2.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK