CVE-2019-2776

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, 19c

Description The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, which can be easily exploited by a high-privileged attacker with Create Any Index privilege and network access via OracleNet. This can lead to unauthorized access to critical data or complete access to all Core RDBMS accessible data, as well as unauthorized update, insert, or delete access to some of Core RDBMS accessible data. The vulnerability may significantly impact additional products.

Recommendations For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Core RDBMS component until a patch is available. As a temporary workaround, limit the use of Create Any Index privilege to minimize the risk of exploitation. Restrict network access via OracleNet to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.