|
|
|
|
| |
Credit:
The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3511
The original article can be found at: http://www.securityfocus.com/bid/50219
|
| |
Vulnerable Systems:
*Oracle Database Vault 10.2.0.3
*Oracle Database Vault 10.2.0.4
*Oracle Database Vault 10.2.0.5
*Oracle Database Vault 11.1.0.7
*Oracle Database Vault 11.2.0.2
Oracle Database Server is prone to a remote security-bypass vulnerability in Database Vault. The vulnerability can be exploited over the 'Oracle Net' protocol. For an exploit to succeed, the attacker must have 'Privileged Account' privileges. An attacker can exploit this issue to bypass certain security protections and change any user's password. Successfully exploiting this issue may lead to other attacks.
Vendor Status:
Oracle has issued an update to correct this vulnerability
Patch Availability:
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
CVE Information:
CVE-2011-3511
Disclosure Timeline:
2011-November-10 Rev 4. Changed CVSS Score for CVE-2011-3512 to 6.5
2011-October-20 Rev 3. Changed CVSS Score for CVE-2011-2301 to 8.5
2011-October-18 Rev 2. Changed CVE for Oracle Thesaurus Management System from CVE-2011-3538 to CVE-2011-2323
2011-October-18 Rev 1. Initial Release
|
|
|
|
|
