Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE network
low complexity
oracle
nessus
Published: 2015-04-16
Updated: 2017-01-03
Summary
Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. Per Oracle: The CVSS score is 6.8 only on Windows for Database versions prior to 12c. The CVSS is 4.0 (Confidentiality is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)
Vulnerable Configurations
Part | Description | Count |
Application | Oracle | 5 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_APR_2015.NASL |
description | The remote Oracle database server is missing the April 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components : - Core RDBMS (CVE-2015-0483) - Java VM (CVE-2015-0457) - XDB-XML Database (CVE-2015-0455) - XDK and XDB-XML Database (CVE-2015-0479) |
last seen | 2020-06-02 |
modified | 2015-04-20 |
plugin id | 82903 |
published | 2015-04-20 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/82903 |
title | Oracle Database Multiple Vulnerabilities (April 2015 CPU) |