Vulnerability Name: CVE-2014-6452 (CCN-97090) Assigned: 2014-10-14 Published: 2014-10-14 Updated: 2014-10-24 Summary: Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298 , CVE-2014-4299 , CVE-2014-4300 , CVE-2014-6454 , and CVE-2014-6542 . CVSS v3 Severity: 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N 3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2014-6452 IBM OpenPages Platform with Database vulnerabilities. Oracle Critical Patch Update Advisory - October 2014 http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html 70528 Oracle Database Server CVE-2014-6452 Remote Security Vulnerability oracle-cpuoct2014-cve20146452(97090) Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:* AND cpe:/a:ibm:openpages_grc_platform:6.2.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:openpages_grc_platform:7.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:openpages_grc_platform:6.2.0.0:*:*:*:*:*:*:* BACK
oracle database server 11.1.0.7
oracle database server 11.2.0.3
oracle database server 11.2.0.4
oracle database server 12.1.0.1
oracle database server 12.1.0.2
oracle database server 11.1.0.7
oracle database server 11.2.0.3
oracle database server 12.1.0.1
oracle database server 11.2.0.4
oracle database server 12.1.0.2
ibm openpages grc platform 6.2.1.0
ibm openpages grc platform 7.0.0.0
ibm openpages grc platform 6.2.0.0
Denotes that component is vulnerable