NVD

Id
2495  
Name
CVE-2008-2589  
Description
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-03  
Published
2008-07-15  
Modified Date
2012-10-22  
Seq
2008-2589  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
15770 2495 CVE-2008-2589 SSRT061201  View
15771 2495 CVE-2008-2589 http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html  View
15772 2495 CVE-2008-2589 20080715 Oracle Application Server PLSQL injection flaw  View
15773 2495 CVE-2008-2589 1020494  View
15774 2495 CVE-2008-2589 ADV-2008-2109  View
15775 2495 CVE-2008-2589 ADV-2008-2115  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
46249 JVNDB-2008-001559 Oracle Application Server の Oracle Portal コンポーネントにおける脆弱性 Oracle Application Server の Oracle Portal コンポーネントには、詳細不明な脆弱性が存在します。 CVE-2008-2589 32702 CVE-2008-2589 2495 6.4 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001559.html 2008-07-15 2008-08-11 View