Vulnerability Details : CVE-2010-2415
Public exploit exists!
Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
Threat overview for CVE-2010-2415
Top countries where our scanners detected CVE-2010-2415
Top open port discovered on systems with this issue
1521
IPs affected by CVE-2010-2415 34,727
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2010-2415!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2010-2415
Probability of exploitation activity in the next 30 days: 14.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2010-2415
-
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
Disclosure Date: 2010-10-13First seen: 2020-04-26auxiliary/sqli/oracle/dbms_cdc_publish3The module exploits an sql injection flaw in the CREATE_CHANGE_SET procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the re
CVSS scores for CVE-2010-2415
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
6.8
|
4.9
|
NIST |
References for CVE-2010-2415
-
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Oracle Critical Patch Update - October 2010
-
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
Oracle Updates for Multiple Vulnerabilities | CISAUS Government Resource
Products affected by CVE-2010-2415
- cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:11.2.0.1:*:*:*:*:*:*:*