Oracle SQLcl 19c Local Logon information disclosure

A vulnerability, which was classified as critical, has been found in Oracle SQLcl 19c. Affected by this issue is an unknown code of the component Local Logon. Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field07/20/2022 08:15 AM08/06/2022 03:05 PM08/06/2022 03:10 PM
vendorOracleOracleOracle
nameSQLclSQLclSQLcl
cveCVE-2022-0839CVE-2022-0839CVE-2022-0839
componentLocal LogonLocal LogonLocal Logon
risk222
cwe200 (information disclosure)200 (information disclosure)200 (information disclosure)
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
version19c19c19c
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
urlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
identifierOracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
nameUpgradeUpgradeUpgrade
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_ciCCC
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore4.64.64.6
cvss2_vuldb_tempscore4.04.04.0
cvss3_vuldb_basescore5.05.05.0
cvss3_vuldb_tempscore4.84.84.8
cvss3_meta_basescore5.05.07.4
cvss3_meta_tempscore4.84.87.3
price_0day$0-$5k$0-$5k$0-$5k
patch_urlhttps://github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381https://github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381
cve_assigned1646262000 (03/03/2022)1646262000 (03/03/2022)
cve_nvd_summaryImproper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnahuntr.dev
cvss2_nvd_basescore7.5
cvss3_nvd_basescore9.8
cvss3_cna_basescore7.3

Want to stay up to date on a daily basis?

Enable the mail alert feature now!