VDB

CVE-2017-10202

CVE-2017-10202 PUBLISHED CVSS 9.899999618530273 CRITICAL

Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

EPSS 2.14% · 84.5th percentile

Risk Scores

CVSS 3.0
9.899999618530273
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
2.14%
84.5th percentile

Affected Products

VendorProductVersions
Oracle CorporationOracle Database11.2.0.4, 12.1.0.2, 12.2.0.1
oracledatabase11.2.0.4, 12.1.0.2, 12.2.0.1

Exploit Intelligence

…and 25 more exploits

Timeline

  • Jun 20, 2016 PoC Published
  • Jul 19, 2017 CVE Published
  • Jul 20, 2018 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›