CVE-2019-2913

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.2.0.1, 18c, 19c

Description The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, which can be easily exploited by a low-privileged attacker with Create Session privilege and network access via OracleNet. This vulnerability can compromise Core RDBMS and potentially impact additional products. Successful attacks can result in unauthorized read access to a subset of Core RDBMS accessible data. The vulnerability is related to the lack of protection of service data.

Recommendations For versions 12.2.0.1, 18c, and 19c, consider restricting access to the Core RDBMS component until a patch is available. As a temporary workaround, limit the use of the Create Session privilege to minimize the risk of exploitation. Avoid using the OracleNet protocol for remote access until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.