Unrated severityNVD Advisory· Published Jul 15, 2008· Updated Apr 23, 2026

CVE-2008-2589

Description

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.

Affected products

Oracle Corporation/Application Server3 versions
cpe:2.3:a:oracle:application_server:10.1.2.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:application_server:10.1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:10.1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
Oracle Corporation/Oracle Portal Component
cpe:2.3:a:oracle:oracle_portal_component:*:*:*:*:*:*:*:*
Oracle Corporation/Portalllm-fuzzy
Range: 9.0.4.3, 10.1.2.2, 10.1.4.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/31087nvdVendor Advisory
secunia.com/advisories/31113nvdVendor Advisory
www.vupen.com/english/advisories/2008/2109/referencesnvdVendor Advisory
www.vupen.com/english/advisories/2008/2115nvdVendor Advisory
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
www.oracle.com/technetwork/topics/security/cpujul2008-090335.htmlnvd
www.securityfocus.com/archive/1/494410/100/0/threadednvd
www.securitytracker.com/idnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000