PT-2026-3724 · Oracle · Oracle Zero Data Loss Recovery Appliance

Alexander Kornbrust

Publicado

2026-01-20

Atualizado

2026-01-20

CVE-2026-21977

CVSS v3.1

3.1

Baixa

Vetor

AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle Zero Data Loss Recovery Appliance Software versions 23.1.0 through 23.1.202509

Description A difficult to exploit issue exists in the Oracle Zero Data Loss Recovery Appliance Software, specifically within the Security component. An unauthenticated attacker with network access via Oracle Net can compromise the software. Exploitation requires human interaction from someone other than the attacker and can lead to unauthorized read access to a subset of the software’s data.

Recommendations Update Oracle Zero Data Loss Recovery Appliance Software to a version later than 23.1.202509.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2026-00999

CVE-2026-21977

Produtos afetados

Oracle Zero Data Loss Recovery Appliance

PT-2026-3724 · Oracle · Oracle Zero Data Loss Recovery Appliance

CVE-2026-21977

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5