cvelistv5 - cve-2015-0373

CVE-2015-0373 (GCVE-0-2015-0373)

Vulnerability from cvelistv5 – Published: 2015-01-21 18:00 – Updated: 2024-08-06 04:10

Summary

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Severity ?

No CVSS data available.

CWE

Assigner

oracle

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1031572	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/72145	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:10:09.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oracle-cpujan2015-cve20150373(100067)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "1031572",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031572"
          },
          {
            "name": "72145",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72145"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "oracle-cpujan2015-cve20150373(100067)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "1031572",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031572"
        },
        {
          "name": "72145",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72145"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2015-0373",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oracle-cpujan2015-cve20150373(100067)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "1031572",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031572"
            },
            {
              "name": "72145",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72145"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2015-0373",
    "datePublished": "2015-01-21T18:00:00",
    "dateReserved": "2014-12-17T00:00:00",
    "dateUpdated": "2024-08-06T04:10:09.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDEDE937-C3D7-421C-9F70-F546AB823E1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"165A1F85-076B-4216-8EF8-D67E6EC63A6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1E11A25-C7CE-49DF-99CA-352FD21B8230\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F3D40B7-925C-413D-AFF3-60BF330D5BC2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en el componente OJVM en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a trav\\u00e9s de vectores desconocidos.\"}]",
      "evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n\nThis brings the OJVM component of Database in line with Java SE security fixes delivered as of January CPU 2015.",
      "id": "CVE-2015-0373",
      "lastModified": "2024-11-21T02:22:56.177",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-01-21T18:59:20.217",
      "references": "[{\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/72145\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securitytracker.com/id/1031572\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100067\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/72145\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1031572\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0373\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2015-01-21T18:59:20.217\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el componente OJVM en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDEDE937-C3D7-421C-9F70-F546AB823E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"165A1F85-076B-4216-8EF8-D67E6EC63A6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1E11A25-C7CE-49DF-99CA-352FD21B8230\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F3D40B7-925C-413D-AFF3-60BF330D5BC2\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/72145\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securitytracker.com/id/1031572\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100067\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/72145\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031572\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\\n\\nThis brings the OJVM component of Database in line with Java SE security fixes delivered as of January CPU 2015.\"}}"
  }
}

CNVD-2015-00530

Vulnerability from cnvd - Published: 2015-01-23

Title

Oracle Database Server OJVM组件存在未明漏洞

Description

Oracle Database是一款商业性质的大型数据库。 Oracle Database Server OJVM组件存在未明安全漏洞，允许远程攻击者利用漏洞可影响系统保密性，完整性和可用性。

Severity

中

Patch Name

Oracle Database Server OJVM组件存在未明漏洞的补丁

Patch Description

Oracle Database是一款商业性质的大型数据库。 Oracle Database Server OJVM组件存在未明安全漏洞，允许远程攻击者利用漏洞可影响系统保密性，完整性和可用性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Reference

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0373 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Impacted products

Name
['Oracle database server 11.1.0.7', 'Oracle database server 11.2.0.3', 'Oracle Database Server 12.1.0.1', 'Oracle database server 11.2.0.4', 'Oracle Database Server 12.1.0.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0373"
    }
  },
  "description": "Oracle Database\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u7684\u5927\u578b\u6570\u636e\u5e93\u3002\r\n\r\nOracle Database Server OJVM\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5f71\u54cd\u7cfb\u7edf\u4fdd\u5bc6\u6027\uff0c\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00530",
  "openTime": "2015-01-23",
  "patchDescription": "Oracle Database\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u7684\u5927\u578b\u6570\u636e\u5e93\u3002\r\n\r\nOracle Database Server OJVM\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5f71\u54cd\u7cfb\u7edf\u4fdd\u5bc6\u6027\uff0c\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Database Server OJVM\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle database server 11.1.0.7",
      "Oracle database server 11.2.0.3",
      "Oracle Database Server 12.1.0.1",
      "Oracle database server 11.2.0.4",
      "Oracle Database Server 12.1.0.2"
    ]
  },
  "referenceLink": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0373\r\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-22",
  "title": "Oracle Database Server OJVM\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CERTFR-2015-AVI-033

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, un contournement de la politique de sécurité, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données, ou une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Database Server	XML Developers Kit Version 11.2.0.3
Oracle	Database Server	OLAP Version 11.1.0.7
Oracle	Database Server	XML Developers Kit Version 12.1.0.2
Oracle	Database Server	PL/SQL Version 12.1.0.1
Oracle	Database Server	Oracle Database Version 12.1.0.2
Oracle	Database Server	PL/SQL Version 11.1.0.7
Oracle	Database Server	Workspace Manager Version 11.2.0.3
Oracle	Database Server	Oracle Database Version 11.1.0.7
Oracle	Database Server	PL/SQL Version 11.2.0.3
Oracle	Database Server	OLAP Version 12.1.0.1
Oracle	Database Server	PL/SQL Version 11.2.0.4
Oracle	Database Server	OLAP Version 12.1.0.2
Oracle	Database Server	Workspace Manager Version 12.1.0.1
Oracle	Database Server	Workspace Manager Version 11.2.0.4
Oracle	Database Server	Workspace Manager Version 11.1.0.7
Oracle	Database Server	Oracle Database Version 11.2.0.4
Oracle	Database Server	OLAP Version 11.2.0.3
Oracle	Database Server	Oracle Database Version 12.1.0.1
Oracle	Database Server	OLAP Version 11.2.0.4
Oracle	Database Server	XML Developers Kit Version 12.1.0.1
Oracle	Database Server	Oracle Database Version 11.2.0.3
Oracle	Database Server	XML Developers Kit Version 11.2.0.4

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle CPUJan2015 du 20 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "XML Developers Kit Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "XML Developers Kit Version 12.1.0.2",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PL/SQL Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 12.1.0.2",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PL/SQL Version 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace Manager Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PL/SQL Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PL/SQL Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 12.1.0.2",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace Manager Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace Manager Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace Manager Version 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "XML Developers Kit Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "XML Developers Kit Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-6577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6577"
    },
    {
      "name": "CVE-2015-0370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0370"
    },
    {
      "name": "CVE-2015-0371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0371"
    },
    {
      "name": "CVE-2014-6567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6567"
    },
    {
      "name": "CVE-2015-0373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0373"
    },
    {
      "name": "CVE-2014-6514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6514"
    },
    {
      "name": "CVE-2014-6541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6541"
    },
    {
      "name": "CVE-2014-6578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6578"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-033",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Database Server\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, ou une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle CPUJan2015 du 20 janvier 2015",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    }
  ]
}

CERTFR-2015-AVI-033

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Database Server	XML Developers Kit Version 11.2.0.3
Oracle	Database Server	OLAP Version 11.1.0.7
Oracle	Database Server	XML Developers Kit Version 12.1.0.2
Oracle	Database Server	PL/SQL Version 12.1.0.1
Oracle	Database Server	Oracle Database Version 12.1.0.2
Oracle	Database Server	PL/SQL Version 11.1.0.7
Oracle	Database Server	Workspace Manager Version 11.2.0.3
Oracle	Database Server	Oracle Database Version 11.1.0.7
Oracle	Database Server	PL/SQL Version 11.2.0.3
Oracle	Database Server	OLAP Version 12.1.0.1
Oracle	Database Server	PL/SQL Version 11.2.0.4
Oracle	Database Server	OLAP Version 12.1.0.2
Oracle	Database Server	Workspace Manager Version 12.1.0.1
Oracle	Database Server	Workspace Manager Version 11.2.0.4
Oracle	Database Server	Workspace Manager Version 11.1.0.7
Oracle	Database Server	Oracle Database Version 11.2.0.4
Oracle	Database Server	OLAP Version 11.2.0.3
Oracle	Database Server	Oracle Database Version 12.1.0.1
Oracle	Database Server	OLAP Version 11.2.0.4
Oracle	Database Server	XML Developers Kit Version 12.1.0.1
Oracle	Database Server	Oracle Database Version 11.2.0.3
Oracle	Database Server	XML Developers Kit Version 11.2.0.4

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle CPUJan2015 du 20 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "XML Developers Kit Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "XML Developers Kit Version 12.1.0.2",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PL/SQL Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 12.1.0.2",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PL/SQL Version 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace Manager Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PL/SQL Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PL/SQL Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 12.1.0.2",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace Manager Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace Manager Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace Manager Version 11.1.0.7",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "OLAP Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "XML Developers Kit Version 12.1.0.1",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Version 11.2.0.3",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "XML Developers Kit Version 11.2.0.4",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-6577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6577"
    },
    {
      "name": "CVE-2015-0370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0370"
    },
    {
      "name": "CVE-2015-0371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0371"
    },
    {
      "name": "CVE-2014-6567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6567"
    },
    {
      "name": "CVE-2015-0373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0373"
    },
    {
      "name": "CVE-2014-6514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6514"
    },
    {
      "name": "CVE-2014-6541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6541"
    },
    {
      "name": "CVE-2014-6578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6578"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-033",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Database Server\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, ou une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle CPUJan2015 du 20 janvier 2015",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    }
  ]
}

GSD-2015-0373

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0373

Aliases

CVE-2015-0373

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0373",
    "description": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",
    "id": "GSD-2015-0373"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0373"
      ],
      "details": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",
      "id": "GSD-2015-0373",
      "modified": "2023-12-13T01:19:58.436468Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2015-0373",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oracle-cpujan2015-cve20150373(100067)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "1031572",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031572"
          },
          {
            "name": "72145",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/72145"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2015-0373"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "1031572",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031572"
            },
            {
              "name": "72145",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/72145"
            },
            {
              "name": "oracle-cpujan2015-cve20150373(100067)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-01-21T18:59Z"
    }
  }
}

FKIE_CVE-2015-0373

Vulnerability from fkie_nvd - Published: 2015-01-21 18:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Patch, Vendor Advisory
secalert_us@oracle.com	http://www.securityfocus.com/bid/72145
secalert_us@oracle.com	http://www.securitytracker.com/id/1031572
secalert_us@oracle.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/100067
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72145
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031572
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/100067

Impacted products

Vendor	Product	Version
oracle	database_server	11.1.0.7
oracle	database_server	11.2.0.3
oracle	database_server	11.2.0.4
oracle	database_server	12.1.0.1
oracle	database_server	12.1.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEDE937-C3D7-421C-9F70-F546AB823E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "165A1F85-076B-4216-8EF8-D67E6EC63A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E11A25-C7CE-49DF-99CA-352FD21B8230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3D40B7-925C-413D-AFF3-60BF330D5BC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el componente OJVM en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos."
    }
  ],
  "evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n\nThis brings the OJVM component of Database in line with Java SE security fixes delivered as of January CPU 2015.",
  "id": "CVE-2015-0373",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-21T18:59:20.217",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/72145"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securitytracker.com/id/1031572"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HPJG-3G2H-99X2

Vulnerability from github – Published: 2022-05-17 01:11 – Updated: 2022-05-17 01:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0373"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-21T18:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",
  "id": "GHSA-hpjg-3g2h-99x2",
  "modified": "2022-05-17T01:11:12Z",
  "published": "2022-05-17T01:11:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0373"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72145"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031572"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0373 (GCVE-0-2015-0373)

CNVD-2015-00530

CERTFR-2015-AVI-033

Solution

CERTFR-2015-AVI-033

Solution

GSD-2015-0373

FKIE_CVE-2015-0373

GHSA-HPJG-3G2H-99X2

Tags

Sightings

Nomenclature