Security Lab

Multiple vulnerabilities in Oracle FLEXCUBE Direct Banking

Publication date: 17.10.2012
Severity: Medium
Fix available: Yes
Number of vulnerabilities: 5
CVSSv2 score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:O/RC:C)
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:O/RC:C)
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C)
2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N/E:U/RL:O/RC:C)
3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:O/RC:C)
CVE ID: CVE-2012-1751
CVE-2012-3132
CVE-2012-3137
CVE-2012-3146
CVE-2012-3151
Exploitation vector: Remote
Impact: Denial of service
Disclosure of sensitive data
Unauthorized data modification
System compromise
CWE ID: No data
Exploit available: No data
Affected products: Oracle Database 10.x
Oracle Database 11.x
Description:

Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious, local users to manipulate certain data and cause a DoS (Denial of Service), by malicious users to disclose potentially sensitive information, manipulate certain data, and potentially compromise a vulnerable system, and by malicious people to disclose potentially sensitive information, manipulate certain data, and potentially compromise a vulnerable system.

1) An unspecified error in the Core RDBMS component can be exploited to disclose and manipulate certain data and potentially execute arbitrary code.

This may be related to:
SA46502

2) An unspecified error in the Core RDBMS component can be exploited by authenticated users to disclose and manipulate certain data and potentially execute arbitrary code.

Successful exploitation of this vulnerability requires the Create session and Create flashback archive privileges.

3) An unspecified error in the Core RDBMS component can be exploited by authenticated users to disclose and manipulate certain data and potentially execute arbitrary code.

Successful exploitation of this vulnerability requires the Create session and Create table privileges.

This may be related to:
SA50143

4) An unspecified error in the Core RDBMS component can be exploited by local users to manipulate certain data and cause a crash of the component.

5) An unspecified error in the Core RDBMS component can be exploited by authenticated users to manipulate certain component accessible data.

Successful exploitation of this vulnerability requires the Create session and Create any directory privileges.

The vulnerabilities are reported in versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3.


References: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html