Local Command Execution Vulnerability in Oracle Database Server
CVE-2004-0637

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
2 September 2004

Summary

The Oracle Database Server versions 8.1.7.4 to 9.2.0.4 contain a vulnerability in the ctxsys.driload package that allows local users to execute commands with elevated privileges. This security flaw arises because the ctxsys.driload package is publicly accessible, which could be exploited to gain unauthorized access to sensitive system functionalities.

References

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.