Current Description

Unspecified vulnerability in the Recovery component in Oracle Database Server,,,, and, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR.

Evaluator Description

Per: vulnerability is only applicable on a Windows operating system. The CVSS score is 6.3 for Database versions prior to 12c. The CVSS is 3.5 (Confidentiality is "Partial+") for Database 12c.

Basic Data

PublishedJanuary 21, 2015
Last ModifiedNovember 28, 2016
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:C/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score6.3
Exploitability Score6.8
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.


  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOracleDatabase Server11.1.0.7*******
    2.3ApplicationOracleDatabase Server11.2.0.3*******
    2.3ApplicationOracleDatabase Server11.2.0.4*******
    2.3ApplicationOracleDatabase Server12.1.0.1*******
    2.3ApplicationOracleDatabase Server12.1.0.2*******

Vulnerable Software List

Oracle Database Server,,,,


NameSourceURLTags Vendor Advisory