CVE-2008-2592: Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6...

Description

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure.

Metrics

EPSS Probability

1.80%

75.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Oracle	Advanced Replication Component	All versions	—
Oracle	Database Server	9.2.0.8	—
Oracle	Database Server	10.1.0.5	—
Oracle	Oracle Database	9.0.1.5	—
Oracle	Oracle Database	9.2.0.8	Dv
Oracle	Oracle Database	10.2.0.4	—
Oracle	Oracle Database	11.1.0.6	—

References

Timeline

Published: Jul 15, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-2592?

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure.

How severe is CVE-2008-2592?

Severity scoring for CVE-2008-2592 is pending analysis. The EPSS model estimates a 1.80% probability of exploitation in the next 30 days.

How do I fix CVE-2008-2592?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.