Vulnerability Details : CVE-2010-2415

Public exploit exists!
Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
Published 2010-10-14 02:00:02
Updated 2010-11-11 06:48:39
Source Oracle
View at NVD,   CVE.org

Threat overview for CVE-2010-2415

Top countries where our scanners detected CVE-2010-2415
Top open port discovered on systems with this issue 1521
IPs affected by CVE-2010-2415 34,727
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2010-2415!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-2415

Probability of exploitation activity in the next 30 days: 14.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-2415

  • Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
    Disclosure Date: 2010-10-13
    First seen: 2020-04-26
    auxiliary/sqli/oracle/dbms_cdc_publish3
    The module exploits an sql injection flaw in the CREATE_CHANGE_SET procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the re

CVSS scores for CVE-2010-2415

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
4.9
 MEDIUM AV:N/AC:M/Au:S/C:P/I:P/A:N
6.8
4.9
 NIST

References for CVE-2010-2415

Products affected by CVE-2010-2415

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close