VYPR
Unrated severityNVD Advisory· Published Sep 21, 2012· Updated Jun 16, 2026

CVE-2012-3137

CVE-2012-3137

Description

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*
    • (no CPE)range: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.