Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ODBC Driver by Oracle Corporation

    CVE-2019-2799 (GCVE-0-2019-2799)

    Vulnerability from nvd – Published: 2019-07-23 22:31 – Updated: 2024-10-15 18:57
    VLAI
    Summary
    Vulnerability in the Oracle ODBC Driver component of Oracle Database Server<span class=font-red><b> ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***</b></span>. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation ODBC Driver Affected: 11.2.0.4
    Affected: 12.1.0.2
    Affected: 12.2.0.1
    Affected: 18c
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:03:42.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-2799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:16:51.994048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T18:57:11.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ODBC Driver",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "18c"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle ODBC Driver component of Oracle Database Server\u003cspan class=font-red\u003e\u003cb\u003e ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***\u003c/b\u003e\u003c/span\u003e. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver.  Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-23T22:31:47.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2019-2799",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ODBC Driver",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "11.2.0.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "12.1.0.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "12.2.0.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "18c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle ODBC Driver component of Oracle Database Server\u003cspan class=font-red\u003e\u003cb\u003e ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***\u003c/b\u003e\u003c/span\u003e. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver.  Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  "refsource": "MISC",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2019-2799",
        "datePublished": "2019-07-23T22:31:47.000Z",
        "dateReserved": "2018-12-14T00:00:00.000Z",
        "dateUpdated": "2024-10-15T18:57:11.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2799 (GCVE-0-2019-2799)

    Vulnerability from cvelistv5 – Published: 2019-07-23 22:31 – Updated: 2024-10-15 18:57
    VLAI
    Summary
    Vulnerability in the Oracle ODBC Driver component of Oracle Database Server<span class=font-red><b> ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***</b></span>. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation ODBC Driver Affected: 11.2.0.4
    Affected: 12.1.0.2
    Affected: 12.2.0.1
    Affected: 18c
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:03:42.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-2799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:16:51.994048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T18:57:11.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ODBC Driver",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0.4"
                },
                {
                  "status": "affected",
                  "version": "12.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "18c"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle ODBC Driver component of Oracle Database Server\u003cspan class=font-red\u003e\u003cb\u003e ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***\u003c/b\u003e\u003c/span\u003e. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver.  Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-23T22:31:47.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2019-2799",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ODBC Driver",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "11.2.0.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "12.1.0.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "12.2.0.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "18c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle ODBC Driver component of Oracle Database Server\u003cspan class=font-red\u003e\u003cb\u003e ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***\u003c/b\u003e\u003c/span\u003e. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver.  Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  "refsource": "MISC",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2019-2799",
        "datePublished": "2019-07-23T22:31:47.000Z",
        "dateReserved": "2018-12-14T00:00:00.000Z",
        "dateUpdated": "2024-10-15T18:57:11.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }