PT-2019-2840 · Oracle · Oracle Clusterware

Published: 2019-07-17 · Updated: 2020-08-24 · CVE-2019-2860

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Clusterware version 12.1.0.2.0

Description

The issue is caused by insufficient access control in the Trace File Analyzer (TFA) Collector component of Oracle Clusterware. It allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Clusterware. This can result in unauthorized update, insert, or delete access to some of Oracle Clusterware's accessible data, as well as unauthorized read access to a subset of that data. It can also cause a partial denial of service (partial DoS) of Oracle Clusterware.

Recommendations

For Oracle Clusterware version 12.1.0.2.0, consider restricting access to the TFA Collector component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit network access to the affected system over the multiple protocols through which it is reachable, to reduce the attack surface.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2019-02804
CVE-2019-2860

Affected Products

Oracle Clusterware