FKIE_CVE-2007-5511

Vulnerability from fkie_nvd - Published: 2007-10-17 23:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=119332677525918&w=2
cve@mitre.orghttp://osvdb.org/40079
cve@mitre.orghttp://secunia.com/advisories/27251Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27409
cve@mitre.orghttp://securityreason.com/securityalert/3245
cve@mitre.orghttp://www.securityfocus.com/archive/1/482429/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26098
cve@mitre.orghttp://www.securitytracker.com/id?1018823
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3524
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3626
cve@mitre.orghttps://www.exploit-db.com/exploits/4570
cve@mitre.orghttps://www.exploit-db.com/exploits/4571
cve@mitre.orghttps://www.exploit-db.com/exploits/4572
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=119332677525918&w=2
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/40079
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27251Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27409
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3245
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482429/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26098
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018823
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3524
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3626
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4570
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4571
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4572
Impacted products
Vendor Product Version
oracle database_server *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A77562B-D1A5-450D-9288-3FC7145E9292",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package.  NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el Workspace Manager para las Bases de Datos Oracle anteriores a la OWM 10.2.0.4.1, OWM 10.1.0.8.0 y OWM 9.2.0.8.0 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del procedimiento FINDRICSET en el paquete LT. NOTA: esta vulnerabilidad est\u00e9, probablemente, cubierta por la CVE-2007-5510, pero no hay suficientes detalles para tener certeza."
    }
  ],
  "id": "CVE-2007-5511",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-17T23:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=119332677525918\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/40079"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27251"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3245"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482429/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26098"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018823"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3524"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3626"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4570"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4571"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=119332677525918\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/40079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482429/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4572"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.