CVE-2018-2939

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Core RDBMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).

CVSS v3 8.4 HIGH
CVSS v2.0 3.6 LOW

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Exploitability : 2.0 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/104804	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041299
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/104804	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041299

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:database_server:11.2.0.4:::::::*
	cpe:2.3:a:oracle:database_server:12.1.0.2:::::::*
	cpe:2.3:a:oracle:database_server:12.2.0.1:::::::*
	cpe:2.3:a:oracle:database_server:18.1:::::::*
	cpe:2.3:a:oracle:database_server:18.2:::::::*

History

21 Nov 2024, 04:04

Type	Values Removed	Values Added
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Vendor Advisory~~	() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/104804 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/104804 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1041299 -~~	() http://www.securitytracker.com/id/1041299 -

Information

Published : 2018-07-18 13:29

Updated : 2024-11-21 04:04

NVD link : CVE-2018-2939

Mitre link : CVE-2018-2939

CVE.ORG link : CVE-2018-2939

JSON object : View

Products Affected

oracle

database_server

CWE

NVD-CWE-noinfo

8.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

3.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2018-2939

8.4^/10

3.6^/10

Attach tags to `CVE-2018-2939`