Vulnerability Details : CVE-2014-6477
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability.
Vulnerability category: Information leak
Threat overview for CVE-2014-6477
Top countries where our scanners detected CVE-2014-6477
Top open port discovered on systems with this issue
1521
IPs affected by CVE-2014-6477 24,544
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-6477!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-6477
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-6477
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:L/Au:S/C:C/I:N/A:N |
8.0
|
6.9
|
NIST |
CWE ids for CVE-2014-6477
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6477
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/99937
Oracle Database Server information disclosure CVE-2014-6477 Vulnerability Report
-
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Oracle Critical Patch Update - October 2014Patch;Vendor Advisory
Products affected by CVE-2014-6477
- cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*