CVE-2017-10120 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-10120 PUBLISHED CVSS 1.899999976158142 LOW

Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 1.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N).

EPSS 0.08% · 23.9th percentile

Risk Scores

CVSS v2.0

1.899999976158142

EPSS Score

0.08%

23.9th percentile

Affected Products

Vendor	Product	Versions
oracle	database_server	12.1.0.2
Oracle Corporation	Oracle Database	12.1.0.2

Timeline

Jun 20, 2016 PoC Published
Aug 8, 2017 CVE Published
Jul 20, 2018 PoC Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

99867 vdb
1038923 vdb
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html url
https://nvd.nist.gov/vuln/detail/CVE-2017-10120 advisory

Open in Interactive Console →