Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE network
low complexity
oracle
critical
nessus
Published: 2015-04-16
Updated: 2017-01-03
Summary
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2629. Per Oracle: The CVSS score is 9.0 only on Windows for Database versions prior to 12c. The CVSS is 6.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)
Vulnerable Configurations
Part | Description | Count |
Application | Oracle | 5 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_APR_2015.NASL |
description | The remote Oracle database server is missing the April 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components : - Core RDBMS (CVE-2015-0483) - Java VM (CVE-2015-0457) - XDB-XML Database (CVE-2015-0455) - XDK and XDB-XML Database (CVE-2015-0479) |
last seen | 2020-06-02 |
modified | 2015-04-20 |
plugin id | 82903 |
published | 2015-04-20 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/82903 |
title | Oracle Database Multiple Vulnerabilities (April 2015 CPU) |