CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3137

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.514

EPSS Ranking 97.7%

CVSS Severity

CVSS v2 Score 6.4

References

Products affected by CVE-2012-3137

Oracle » Database Server » Version: 10.2.0.3

cpe:2.3:a:oracle:database_server:10.2.0.3
Oracle » Database Server » Version: 10.2.0.4

cpe:2.3:a:oracle:database_server:10.2.0.4
Oracle » Database Server » Version: 10.2.0.5

cpe:2.3:a:oracle:database_server:10.2.0.5
Oracle » Database Server » Version: 11.1.0.7

cpe:2.3:a:oracle:database_server:11.1.0.7
Oracle » Database Server » Version: 11.2.0.2

cpe:2.3:a:oracle:database_server:11.2.0.2
Oracle » Database Server » Version: 11.2.0.3

cpe:2.3:a:oracle:database_server:11.2.0.3
Oracle » Primavera P6 Enterprise Project Portfolio Management » Version: 8.2

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2
Oracle » Primavera P6 Enterprise Project Portfolio Management » Version: 8.3

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3
Oracle » Primavera P6 Enterprise Project Portfolio Management » Version: 8.4

cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3137

Products

Pricing

Contact Us