CVE-2017-3567

24.04.2017, 19:59

Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
oracle	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
oracle	database	11.2.0.4
oracle	database	12.1.0.2

𝑥

= Vulnerable software versions

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/97873

http://www.securitytracker.com/id/1038284

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/97873

http://www.securitytracker.com/id/1038284