PT-2019-3121 · Oracle · Oracle Database Server

Published

2019-04-23

Updated

2020-08-24

CVE-2019-2516

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c

Description The issue is related to a vulnerability in the Portable Clusterware component of Oracle Database Server, allowing a high-privileged attacker with Grid Infrastructure User privilege to compromise Portable Clusterware. This can result in the takeover of Portable Clusterware and may significantly impact additional products. The vulnerability can be easily exploited by an attacker with logon access to the infrastructure where Portable Clusterware executes.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2019-03104

CVE-2019-2516

Affected Products

Oracle Database Server

PT-2019-3121 · Oracle · Oracle Database Server

CVE-2019-2516

Weakness Enumeration

Related Identifiers

Affected Products

References · 5