As stated by Team SHATTER’s Alex Rothacker, Although CVE-2010-0902 is rated by Oracle with a CVSS score of 6.0, this is the most severe vulnerability included in this CPU and should be patched immediately. The vulnerability allows full takeover of the database management system (DBMS) and possibly the server. In certain cases the CVSS ratings for vulnerabilities do not adequately reflect the threat to critical databases. |
This is just one of the 59 vulnerability fixes for Oracle products in the July CPU, 13 specific to the Oracle database. Of these 13 database vulnerabilities, Esteban Martinez Fayo of Team SHATTER has been credited for identifying two of them (CVE-2010-0903 and CVE-2010-2373). And of the 13 vulnerabilities, Team SHATTER has identified two of high risk (CVE-2010-0902 and CVE-2010-0911).