CVE-2014-4245 : Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0

Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.

Published 2014-07-17 11:17:10

Updated 2018-10-09 19:48:42

Source Oracle

View at NVD, CVE.org

Threat overview for CVE-2014-4245

Top countries where our scanners detected CVE-2014-4245

Top open port discovered on systems with this issue 1521

IPs affected by CVE-2014-4245 16,989

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-4245!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-4245

Probability of exploitation activity in the next 30 days: 0.31%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-4245

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2014-4245

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

VMSA-2014-0012.1

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Oracle Critical Patch Update - July 2014
Vendor Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21689484

IBM Security Bulletin: IBM OpenPages Platform with Database vulnerabilities.

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/94540

Oracle Database RDBMS Core information disclosure CVE-2014-4245 Vulnerability Report
http://seclists.org/fulldisclosure/2014/Dec/23

Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

CVEs referencing this url
http://www.securityfocus.com/archive/1/534161/100/0/threaded

SecurityFocus

CVEs referencing this url
http://www.securitytracker.com/id/1030576

Oracle Database Core RDBMS Bugs Let Remote Authenticated Users Partially Access and Modify Data and Cause Denial of Service Conditions - SecurityTracker

CVEs referencing this url
http://www.securityfocus.com/bid/68617

Oracle Database Server CVE-2014-4245 Remote Security Vulnerability

Products affected by CVE-2014-4245

Oracle » Database Server » Version: 11.1.0.7
cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 11.2.0.3
cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 11.2.0.4
cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 12.1.0.1
cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-4245

Threat overview for CVE-2014-4245

Exploit prediction scoring system (EPSS) score for CVE-2014-4245

CVSS scores for CVE-2014-4245

References for CVE-2014-4245

Products affected by CVE-2014-4245