Vulnerabilities > CVE-2015-0455 - Remote Security vulnerability in Oracle Database Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. Per Oracle: The CVSS score is 6.8 only on Windows for Database versions prior to 12c. The CVSS is 4.0 (Confidentiality is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
| NASL family | Databases |
| NASL id | ORACLE_RDBMS_CPU_APR_2015.NASL |
| description | The remote Oracle database server is missing the April 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components : - Core RDBMS (CVE-2015-0483) - Java VM (CVE-2015-0457) - XDB-XML Database (CVE-2015-0455) - XDK and XDB-XML Database (CVE-2015-0479) |
| last seen | 2020-06-02 |
| modified | 2015-04-20 |
| plugin id | 82903 |
| published | 2015-04-20 |
| reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/82903 |
| title | Oracle Database Multiple Vulnerabilities (April 2015 CPU) |