CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2017-10202

CVSS 9.9v3.0pub. 2017-08-08upd. 2026-05-13

Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Oracle Database

    APP
    Oracle
    11.2.0.412.1.0.212.2.0.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2020-35169CRITICAL9.1ten sam produkt

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before ...

CVE-2017-3310CRITICAL9.0ten sam produkt

Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0...

CVE-2016-3609CRITICAL9.0ten sam produkt

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 all...

CVE-2016-3454CRITICAL9.0ten sam produkt

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 ...

CVE-2022-21596HIGH7.2ten sam produkt

Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported ver...