Okan Basegmez

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server versions 19c and 21c **Description** The issue is related to insufficient input validation in the Oracle Database Data Redaction component of Oracle Database Server. This can be exploited by a remote attacker to gain access to confidential information. Successful attacks may result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. **Recommendations** For versions 19c and 21c, update to a version that includes the fix for this issue to prevent unauthorized access to confidential data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Database - Enterprise Edition Data Redaction versions 12.1.0.2 through 19c **Description** The issue is related to insufficient input validation in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. This easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise the Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of the Oracle Database - Enterprise Edition Data Redaction accessible data. **Recommendations** For versions 12.1.0.2, 12.2.0.1, and 19c, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Database - Enterprise Edition Data Redaction versions 12.1.0.2, 12.2.0.1 and 19c **Description** The issue is related to insufficient input validation in the Oracle Database - Enterprise Edition Data Redaction component. It allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise the component. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of the accessible data. **Recommendations** For versions 12.1.0.2, 12.2.0.1, and 19c, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Database - Enterprise Edition Data Redaction versions 12.1.0.2 through 19c **Description** The issue is related to insufficient input validation in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. This easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise the Oracle Database - Enterprise Edition Data Redaction component. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of the Oracle Database - Enterprise Edition Data Redaction accessible data. **Recommendations** For versions 12.1.0.2, 12.2.0.1, and 19c, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.