VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 13, 2010· Updated Apr 23, 2026

CVE-2009-3415

CVE-2009-3415

Description

Unspecified vulnerability in Oracle OLAP component allows remote authenticated users to compromise confidentiality, integrity, and availability of Oracle Database versions 9.2.0.8, 10.1.0.5, and 10.2.0.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unspecified vulnerability in Oracle OLAP component allows remote authenticated users to compromise confidentiality, integrity, and availability of Oracle Database versions 9.2.0.8, 10.1.0.5, and 10.2.0.3.

Vulnerability

The Oracle OLAP component in Oracle Database versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 contains an unspecified vulnerability [1]. The exact nature of the flaw is not disclosed, but it is remotely exploitable by authenticated users.

Exploitation

An attacker must have valid database credentials to authenticate to the Oracle Database instance. No additional privileges or user interaction are specified. The exploitation vector is unknown, but the vulnerability is reachable via the OLAP component.

Impact

Successful exploitation allows a remote authenticated attacker to affect the confidentiality, integrity, and availability of the database system [1]. The full scope of compromise is not detailed, but it could lead to unauthorized data access, modification, or denial of service.

Mitigation

Oracle addressed this vulnerability in the January 2010 Critical Patch Update [1]. Affected organizations should apply the relevant patch from Oracle. No workarounds are documented. The affected versions are now out of support, so upgrading to a supported version is recommended.

References
  1. Oracle Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • Oracle Corporation/Database Server4 versions
    cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*
  • Oracle Corporation/Olapllm-fuzzy
    Range: 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.