Privilege Escalation Vulnerability in Oracle 10g DBMS_Scheduler
CVE-2005-1496

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Application Server
Vendor: CVE Published:; 11 May 2005

What is CVE-2005-1496?

The DBMS_Scheduler component in Oracle 10g contains a security flaw that allows remote attackers, who possess CREATE JOB privileges, to change their session user to the SYS user. This unauthorized privilege escalation can enable attackers to perform actions beyond their intended access level, posing a significant risk to database integrity and security. Proper configuration and access controls are essential to mitigate this risk.

References

http://www.red-database-security.com/exploits/oracle_expl...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=111531740305049&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/13509

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2005
Vulnerability Reserved
May 11, 2005