CVE-2017-10261

{"id": "CVE-2017-10261", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2017-10-19T17:29:01.403", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["Vendor Advisory", "Patch"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/101344", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1039591", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where XML Database executes to compromise XML Database. While the vulnerability is in XML Database, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 5.5 with scope Unchanged. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el componente XML Database de Oracle Database Server. Las versiones compatibles que se han visto afectadas son la 11.2.0.4 y la 12.1.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un bajo nivel de privilegios que tenga privilegios Create Session e inicio de sesi\u00f3n en la infraestructura en la que se ejecuta XML Database comprometa la seguridad de XML Database. Aunque la vulnerabilidad est\u00e1 presente en XML Database, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a informaci\u00f3n cr\u00edtica o un acceso completo a todos los datos accesibles de XML Database. Nota: Esta puntuaci\u00f3n es para la plataforma Windows, versi\u00f3n 11.2.0.4 de Database. Para la versi\u00f3n 11.2.0.4 de la plataforma Windows y Linux, la puntuaci\u00f3n es 5.5 con scope Unchanged. CVSS 3.0 Base Score 6.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."}], "lastModified": "2017-10-24T16:34:55.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D"}, {"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}