The main problem with the Oracle CVSS base scores is more with CVSS than
Oracle. Under the CVSSv2 definition of
Confidentiality/Integrity/Availability impact, if the entire database is
compromised but not the "entire system" then the metric value will be
Partial rather than Complete. Since the lar...
Oracle. Under the CVSSv2 definition of
Confidentiality/Integrity/Availability impact, if the entire database is
compromised but not the "entire system" then the metric value will be
Partial rather than Complete. Since the lar...
[ more ]