// For flags

CVE-2009-0978

Oracle DB SQL Injection Via SYS.LT.ROLLBACKWORKSPACE

Severity Score

9.6
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975.

Vulnerabilidad no especificada en el componente Workspace Manager en Oracle Database 10.2.0.4 y 11.1.0.6 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2009-0975.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-03-19 CVE Reserved
  • 2009-04-15 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-31 First Exploit
  • 2025-05-23 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Database 10g
Search vendor "Oracle" for product "Database 10g"
 10.2.0.4
Search vendor "Oracle" for product "Database 10g" and version "10.2.0.4"
-
Affected
Oracle
Search vendor "Oracle"
 Database 11g
Search vendor "Oracle" for product "Database 11g"
 11.1.0.6
Search vendor "Oracle" for product "Database 11g" and version "11.1.0.6"
-
Affected