CVE-2011-3525 - Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0

CVE-2011-3525

Summary

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user.

References

http://osvdb.org/76516
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
http://www.securityfocus.com/bid/50197
https://exchange.xforce.ibmcloud.com/vulnerabilities/70799

Vulnerable Configurations

cpe:2.3:a:oracle:database_server:3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:4.0:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bid	50197
confirm	http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
osvdb	76516
xf	odbs-appex-apex-unspecified(70799)

Last major update

29-08-2017 - 01:30

Published

18-10-2011 - 22:55

Last modified

29-08-2017 - 01:30