- Description
- Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.
- Source
- secalert_us@oracle.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
- Comment
- Per http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html "Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database. To remediate this security vulnerability, customers should configure network encryption in their clients and servers to protect sensitive data sent over untrusted networks. Refer to http://docs.oracle.com/cd/E11882_01/license.112/e47877/options.htm#CIHFDJDG - "Oracle Advanced Security section" of "Oracle Database Licensing Information 11g Release 2 (11.2)" for details of this licensing change."
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDEDE937-C3D7-421C-9F70-F546AB823E1D"
},
{
"criteria": "cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D7157D8-4959-4F6C-BFA0-D80862393AA4"
},
{
"criteria": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "165A1F85-076B-4216-8EF8-D67E6EC63A6B"
},
{
"criteria": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C"
}
],
"operator": "OR"
}
]
}
]