Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Oracle
  • Application Server
  • Collaboration Suite
  • E-business Suite
  • Enterprise Manager
  • Enterprise Manager Database Control
  • Enterprise Manager Grid Control
  • Oracle10g
  • Oracle8i
  • Oracle9i

Configuration 1 [-]

OR cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*

No data.

References
Link Providers
http://marc.info/?l=bugtraq&m=110382596129607&w=2 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/316206 cve-icon cve-icon
http://www.ngssoftware.com/advisories/oracle23122004H.txt cve-icon cve-icon
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf cve-icon cve-icon
http://www.securityfocus.com/bid/10871 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA04-245A.html cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/18665 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-01-19T05:00:00

Updated: 2024-08-08T00:46:12.509Z

Reserved: 2005-01-07T00:00:00

Link: CVE-2004-1370

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2004-08-04T04:00:00.000

Modified: 2017-07-11T01:30:58.387

Link: CVE-2004-1370

cve-icon Redhat

No data.