Vulnerability Details : CVE-2007-1442
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
Exploit prediction scoring system (EPSS) score for CVE-2007-1442
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 37 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-1442
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2007-1442
Products affected by CVE-2007-1442
- cpe:2.3:a:oracle:database_server:10.2.1:*:standard:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.2:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.2:*:personal:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.2:*:standard:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.3:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.1:*:enterprise:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.1:*:personal:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.3:*:personal:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.3:*:standard:*:*:*:*:*