CVE-2017-3240

{"id": "CVE-2017-3240", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2017-01-27T22:59:02.303", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/95477", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1037630", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts)."}, {"lang": "es", "value": "Vulnerabilidad en el componente RDBMS Security de Oracle Database Server. La versi\u00f3n compatible que est\u00e1 afectada es 12.1.0.2. Vulnerabilidad f\u00e1cilmente explotable permite a atacante poco privilegiado teniendo privilegio de inicio local de sesi\u00f3n con inicio de sesi\u00f3n a la infraestructura donde se ejecuta RDBMS Security, comprometer RDBMS Security. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de RDBMS Security. CVSS v3.0 Base Score 3.3 (Impactos de Confidencialidad)."}], "lastModified": "2017-07-26T01:29:03.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F3D40B7-925C-413D-AFF3-60BF330D5BC2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}