CVE-2014-6541

Current Description

Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR.

Evaluator Description

Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlThis vulnerability is only applicable on a Windows operating system. The CVSS score is 6.3 for Database versions prior to 12c. The CVSS is 3.5 (Confidentiality is "Partial+") for Database 12c.

Basic Data

PublishedJanuary 21, 2015
Last ModifiedNovember 28, 2016
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:C/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score6.3
SeverityMEDIUM
Exploitability Score6.8
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOracleDatabase Server11.1.0.7*******
    2.3ApplicationOracleDatabase Server11.2.0.3*******
    2.3ApplicationOracleDatabase Server11.2.0.4*******
    2.3ApplicationOracleDatabase Server12.1.0.1*******
    2.3ApplicationOracleDatabase Server12.1.0.2*******

Vulnerable Software List

VendorProductVersions
Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, 12.1.0.2

References

NameSourceURLTags
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlCONFIRMPATCH Vendor Advisory
72158http://www.securityfocus.com/bid/72158BID
1031572http://www.securitytracker.com/id/1031572SECTRACK