CVE-2013-3826

Опубликовано: 16 окт. 2013

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.

Комментарий

Per http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

"Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database. To remediate this security vulnerability, customers should configure network encryption in their clients and servers to protect sensitive data sent over untrusted networks. Refer to http://docs.oracle.com/cd/E11882_01/license.112/e47877/options.htm#CIHFDJDG - "Oracle Advanced Security section" of "Oracle Database Licensing Information 11g Release 2 (11.2)" for details of this licensing change."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00362

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7v2g-mfrc-c4cw

github

больше 3 лет назад