PT-2021-15434 · Oracle · Oracle Logminer+3
Eddie Zhu
·
Published
2021-10-19
·
Updated
2021-10-26
·
CVE-2021-2332
CVSS v3.1
6.7
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 12.1.0.2, 12.2.0.1 and 19c
Description
The issue affects the Oracle LogMiner component, allowing a high-privileged attacker with DBA privilege and network access via Oracle Net to compromise Oracle LogMiner. This can result in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized read access to a subset of Oracle LogMiner accessible data. Additionally, it can cause a hang or frequently repeatable crash of Oracle LogMiner.
Recommendations
For version 12.1.0.2, update to a version that includes the fix for this issue.
For version 12.2.0.1, update to a version that includes the fix for this issue.
For version 19c, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Oracle LogMiner component to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Database
Oracle Database Server
Oracle Logminer
Oracle Net