CVE-2009-1991
Severity Score
8.8
*CVSS v3
Exploit Likelihood
< 1%
*EPSS
Affected Versions
4
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an established researcher that this is for multiple SQL injection vulnerabilities via the (1) idx_owner or (2) idx_name parameters to the create_tables procedure.
Vulnerabilidad no especificada en el componente Oracle Text en Oracle Database v9.2.0.8, v9.2.0.8DV, v10.1.0.5, y v10.2.0.4 permite a los usuarios remotos autenticados comprometer la confidencialidad e integridad, relativo a CTXSYS.DRVXTABC.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-06-08 CVE Reserved
- 2009-10-22 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/59113 | Vdb Entry | |
| http://secunia.com/advisories/37027 | Third Party Advisory | |
| http://www.oracle.com/technetwork/topics/security/cpuoct2... | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/36748 | Vdb Entry | |
| http://www.securitytracker.com/id?1023057 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-294A.html | Third Party Advisory |
1 - 6 of 6
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|