CVE-2007-5511

SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=119332677525918&w=2
http://marc.info/?l=bugtraq&m=119332677525918&w=2
http://osvdb.org/40079
http://secunia.com/advisories/27251	Vendor Advisory
http://secunia.com/advisories/27409
http://securityreason.com/securityalert/3245
http://www.securityfocus.com/archive/1/482429/100/0/threaded
http://www.securityfocus.com/bid/26098
http://www.securitytracker.com/id?1018823
http://www.vupen.com/english/advisories/2007/3524
http://www.vupen.com/english/advisories/2007/3626
https://www.exploit-db.com/exploits/4570
https://www.exploit-db.com/exploits/4571
https://www.exploit-db.com/exploits/4572
http://marc.info/?l=bugtraq&m=119332677525918&w=2
http://marc.info/?l=bugtraq&m=119332677525918&w=2
http://osvdb.org/40079
http://secunia.com/advisories/27251	Vendor Advisory
http://secunia.com/advisories/27409
http://securityreason.com/securityalert/3245
http://www.securityfocus.com/archive/1/482429/100/0/threaded
http://www.securityfocus.com/bid/26098
http://www.securitytracker.com/id?1018823
http://www.vupen.com/english/advisories/2007/3524
http://www.vupen.com/english/advisories/2007/3626
https://www.exploit-db.com/exploits/4570
https://www.exploit-db.com/exploits/4571
https://www.exploit-db.com/exploits/4572

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:38

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=119332677525918&w=2 -~~	() http://marc.info/?l=bugtraq&m=119332677525918&w=2 -
References	~~() http://osvdb.org/40079 -~~	() http://osvdb.org/40079 -
References	~~() http://secunia.com/advisories/27251 - Vendor Advisory~~	() http://secunia.com/advisories/27251 - Vendor Advisory
References	~~() http://secunia.com/advisories/27409 -~~	() http://secunia.com/advisories/27409 -
References	~~() http://securityreason.com/securityalert/3245 -~~	() http://securityreason.com/securityalert/3245 -
References	~~() http://www.securityfocus.com/archive/1/482429/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/482429/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/26098 -~~	() http://www.securityfocus.com/bid/26098 -
References	~~() http://www.securitytracker.com/id?1018823 -~~	() http://www.securitytracker.com/id?1018823 -
References	~~() http://www.vupen.com/english/advisories/2007/3524 -~~	() http://www.vupen.com/english/advisories/2007/3524 -
References	~~() http://www.vupen.com/english/advisories/2007/3626 -~~	() http://www.vupen.com/english/advisories/2007/3626 -
References	~~() https://www.exploit-db.com/exploits/4570 -~~	() https://www.exploit-db.com/exploits/4570 -
References	~~() https://www.exploit-db.com/exploits/4571 -~~	() https://www.exploit-db.com/exploits/4571 -
References	~~() https://www.exploit-db.com/exploits/4572 -~~	() https://www.exploit-db.com/exploits/4572 -

Information

Published : 2007-10-17 23:17

Updated : 2024-11-21 00:38

NVD link : CVE-2007-5511

Mitre link : CVE-2007-5511

CVE.ORG link : CVE-2007-5511

JSON object : View

Products Affected

oracle

database_server

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

6.5 /10