PT-2019-3698 · Fasterxml+1 · Jackson-Databind+2
Published
2019-01-01
·
Updated
2019-10-21
·
CVE-2019-2956
CVSS v2.0
6.3
Medium
| Vector | AV:N/AC:M/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, 19c
Description
The issue is related to the Core RDBMS (jackson-databind) component of Oracle Database Server, where an easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via multiple protocols to compromise the component. Successful attacks require human interaction from a person other than the attacker and can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the Core RDBMS (jackson-databind).
Recommendations
For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Database
Oracle Database Server
Jackson-Databind