Vulnerability Details : CVE-2008-3995
Public exploit exists!
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
Exploit prediction scoring system (EPSS) score for CVE-2008-3995
Probability of exploitation activity in the next 30 days: 15.53%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-3995
-
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
Disclosure Date: 2008-10-22First seen: 2020-04-26auxiliary/sqli/oracle/dbms_cdc_publishThe module exploits an sql injection flaw in the ALTER_AUTOLOG_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE hav
CVSS scores for CVE-2008-3995
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
8.0
|
4.9
|
NIST |
References for CVE-2008-3995
Products affected by CVE-2008-3995
- cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_11i:11.1.0.6:*:*:*:*:*:*:*