CVE-2008-3984

Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983.

Vulnerabilidad no especificada en el componente Workspace Manager en Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3 y 11.1.0.6 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad, relacionado con SYS.LT y WMSYS.LT, una vulnerabilidad diferente a CVE-2008-3982 y CVE-2008-3983.

Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component. This package has multiple instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE and REMOVEWORKSPACE procedures.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-09-09 CVE Reserved
2008-10-14 CVE Published
2009-01-06 First Exploit
2024-08-07 CVE Updated
2025-06-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (6)

URL	Tag	Source
http://www.securitytracker.com/id?1021050	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2825	Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/45887	Vdb Entry

URL	Date	SRC
https://packetstorm.news/files/id/180727	2024-08-31
https://www.exploit-db.com/exploits/7675	2009-01-06

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html	2017-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Database 10g Search vendor "Oracle" for product "Database 10g"				10.1.0.5 Search vendor "Oracle" for product "Database 10g" and version "10.1.0.5"		-		Affected
Oracle Search vendor "Oracle"		Database 10g Search vendor "Oracle" for product "Database 10g"				10.2.0.3 Search vendor "Oracle" for product "Database 10g" and version "10.2.0.3"		-		Affected
Oracle Search vendor "Oracle"		Database 11i Search vendor "Oracle" for product "Database 11i"				11.1.0.6 Search vendor "Oracle" for product "Database 11i" and version "11.1.0.6"		-		Affected
Oracle Search vendor "Oracle"		Database 9i Search vendor "Oracle" for product "Database 9i"				9.2.0.8 Search vendor "Oracle" for product "Database 9i" and version "9.2.0.8"		-		Affected
Oracle Search vendor "Oracle"		Database 9i Search vendor "Oracle" for product "Database 9i"				9.2.0.8dv Search vendor "Oracle" for product "Database 9i" and version "9.2.0.8dv"		-		Affected