CVE-2015-4735

Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1, and EM DB Control 11.2.0.3 and 11.2.0.4, allows remote attackers to affect confidentiality via vectors related to RAC Management.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Patch Vendor Advisory
http://www.securitytracker.com/id/1032918	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:enterprise_manager_database_control:11.2.0.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager_database_control:11.2.0.4:::::::*
	cpe:2.3:a:oracle:enterprise_manager_grid_control:11.1.0.1:::::::*

History

No history.

Information

Published : 2015-07-16 11:00

Updated : 2024-02-28 15:21

NVD link : CVE-2015-4735

Mitre link : CVE-2015-4735

CVE.ORG link : CVE-2015-4735

JSON object : View

Products Affected

oracle

enterprise_manager_database_control
enterprise_manager_grid_control

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-4735", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-07-16T11:00:30.387", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1032918", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1, and EM DB Control 11.2.0.3 and 11.2.0.4, allows remote attackers to affect confidentiality via vectors related to RAC Management."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Enterprise Manager for Oracle Database en Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 y EM DB Control 11.2.0.3 y 11.2.0.4, permite a atacantes remotos afectar la confidencialidad a trav\u00e9s de vectores relacionados con RAC Management."}], "lastModified": "2016-12-28T16:29:02.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:11.2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B61406E-4EF7-4366-A48E-11329F469147"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:11.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB215790-E35D-4735-9A91-92026FC97EAB"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:11.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2A0AF0-2A77-4860-BD83-EA5A05D0E737"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}