CVE-2014-6477

23.11.2014, 19:59

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547.  NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:S/C:C/I:N/A:N
oracle	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 37%

Vendor	Product	Version
oracle	database_server	11.1.0.7
oracle	database_server	11.2.0.3
oracle	database_server	11.2.0.4
oracle	database_server	12.1.0.1
oracle	database_server	12.1.0.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/99937

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/99937