CVE-2017-10292

Published: Oct 19, 2017Modified: May 13, 2026

2.3

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Exploitability: 0.8 / Impact: 1.4

Source: NVD

Description

Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Affected (3)

Products: Oracle: Database

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Database	Version 11.2.0.4
Oracle Database	Version 12.1.0.2
Oracle Database	Version 12.2.0.1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.securityfocus.com/bid/101350

Source: secalert_us@oracle.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039591

Source: secalert_us@oracle.com

Third Party AdvisoryVDB Entry

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/101350

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039591

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.