SAINT Corporation
SAINT:5CD24ADE28DCA651CFCEB5C3B4C40EAB
Aug 01, 2011 - 12:00 a.m.

Oracle Warehouse Builder SQL Injection

my.saintcorporation.com

CVSS2: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.008
Percentile: 81.4%

Added: 08/01/2011
CVE: CVE-2011-0799
BID: 47431
OSVDB: 71956

Background

Oracle Warehouse Builder (OWB) is an ETL tool produced by Oracle that offers a graphical environment to build, manage and maintain data integration processes in business intelligence systems.

Problem

A SQL injection vulnerability exists in Oracle Warehouse Builder versions 10.2.0.5, 11.1.0.7, 11.2.0.1 and prior. An authenticated user with the CONNECT privilege may leverage this vulnerability to remotely compromise the server.

Resolution

Apply the April 2011 Oracle Critical Patch Update.

References

<http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html>

Limitations

This exploit has been tested against Oracle Business Intelligence Standard Edition One 10.1.3.2.1 on Windows Server 2003 SP2 (DEP OptOut). The exploit requires the login and password to an Oracle account with connect privileges. This exploit must bind to TCP port 80, so it needs root privileges to execute, and no other process may be bound to port 80.

Platforms

Windows
