CVE-2014-6541 - Vulnerability Details - OpenCVE

Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00194.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Database Server

Configuration 1 [-]

OR	cpe:2.3:a:oracle:database_server:11.1.0.7:::::::*
	cpe:2.3:a:oracle:database_server:11.2.0.3:::::::*
	cpe:2.3:a:oracle:database_server:11.2.0.4:::::::*
	cpe:2.3:a:oracle:database_server:12.1.0.1:::::::*
	cpe:2.3:a:oracle:database_server:12.1.0.2:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2014-6420	Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/bid/72158
http://www.securitytracker.com/id/1031572

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2015-01-21T15:00:00

Updated: 2024-08-06T12:17:24.348Z

Reserved: 2014-09-17T00:00:00

Link: CVE-2014-6541

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-01-21T15:28:00.057

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-6541

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "72158", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72158"}, {"name": "1031572", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031572"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2014-6541", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "72158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72158"}, {"name": "1031572", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031572"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:17:24.348Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "72158", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72158"}, {"name": "1031572", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031572"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2014-6541", "datePublished": "2015-01-21T15:00:00", "dateReserved": "2014-09-17T00:00:00", "dateUpdated": "2024-08-06T12:17:24.348Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EDEDE937-C3D7-421C-9F70-F546AB823E1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "165A1F85-076B-4216-8EF8-D67E6EC63A6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1E11A25-C7CE-49DF-99CA-352FD21B8230", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F3D40B7-925C-413D-AFF3-60BF330D5BC2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Recovery en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 y 12.1.0.2, cuando se ejecuta en Windows, permite a usuarios remotos autenticados afectar la confidencialidad a trav\u00e9s de vectores relacionados con DBMS_IR."}], "evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n\nThis vulnerability is only applicable on a Windows operating system. The CVSS score is 6.3 for Database versions prior to 12c. The CVSS is 3.5 (Confidentiality is \"Partial+\") for Database 12c.", "id": "CVE-2014-6541", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-21T15:28:00.057", "references": [{"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/72158"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1031572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031572"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}