Text Form of Oracle Security Alert - CVE-2012-3132 Risk Matrices



This document provides the text form of the CVE-2012-3132 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CVE-2012-3132 Advisory

 

This page contains the following text format Risk Matrices:

 

Text Form of Risk Matrix for Oracle Database Server

 


This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE IdentifierDescription
CVE-2012-3132Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create table privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

Note: 11.2.0.2 and 11.2.0.3 do not require patching if the July 2012 Critical Patch Update has been applied.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]