Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2589


Vulnerability Score 6.4 6.4
CVE Id CVE-2008-2589
Last Modified 22 Oct 2012 10:48:39
Published 15 Jul 2008 07:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Unspecified vulnerability in the Oracle Portal component in Oracle Application Server,, and has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.

Vulnerable Systems


  • Oracle Application Server

  • Oracle Application Server

  • Oracle Application Server

  • Oracle Portal Component


VUPEN - ADV-2008-2115

VUPEN - ADV-2008-2109

SECTRACK - 1020494

BUGTRAQ - 20080715 Oracle Application Server PLSQL injection flaw


SECUNIA - 31113

SECUNIA - 31087

HP - HPSBMA02133


HP - SSRT061201

Last Updated: 27 May 2016 10:49:42