PT-2019-1928 · Oracle · Oracle Database Server

Published

2019-04-16

Updated

2020-08-24

CVE-2019-2619

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c

Description The issue is related to a vulnerability in the Portable Clusterware component of Oracle Database Server, which can be exploited by a high-privileged attacker with Grid Infrastructure User privilege and logon to the infrastructure where Portable Clusterware executes. This vulnerability can compromise Portable Clusterware and may significantly impact additional products, potentially resulting in the takeover of Portable Clusterware.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2019-01597

CVE-2019-2619

Affected Products

Oracle Database Server

PT-2019-1928 · Oracle · Oracle Database Server

CVE-2019-2619

Weakness Enumeration

Related Identifiers

Affected Products

References · 5