CVE-2016-0472

Published on: 01/20/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

AV:N/AC:L/Au:S/C:P/I:N/A:P

Certain versions of Database Server from Oracle contain the following vulnerability:

Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability via unknown vectors.

CVSS2 Score: 5.5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE PARTIAL

CVE References

Description Tags Link
Oracle Database Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Deny Service, and Gain Elevated Privileges - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1034709
Oracle.com Outage Vendor Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOracleDatabase Server11.2.0.4AllAllAll
ApplicationOracleDatabase Server12.1.0.1AllAllAll
ApplicationOracleDatabase Server12.1.0.2AllAllAll
ApplicationOracleDatabase Server11.2.0.4AllAllAll
ApplicationOracleDatabase Server12.1.0.1AllAllAll
ApplicationOracleDatabase Server12.1.0.2AllAllAll
  • cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*: