PT-2021-1766 · Oracle · Oracle Database Server

Eddie Zhu · Published 2021-01-19 · Updated 2021-01-26 · CVE-2021-2054

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.2.0.1, 18c, 19c
Description: The issue is in the RDBMS Sharding component of Oracle Database Server. An easily exploitable vulnerability allows a high-privileged attacker with network access via Oracle Net to compromise RDBMS Sharding, which can result in its takeover. The vulnerability stems from inadequate access control and can be exploited by an attacker holding the CREATE ANY PROCEDURE, CREATE ANY VIEW, and CREATE ANY TRIGGER privileges.
Recommendations: For versions 12.2.0.1, 18c, and 19c, consider restricting access to the RDBMS Sharding component until a patch is available. As a temporary workaround, limit the privileges of users holding CREATE ANY PROCEDURE, CREATE ANY VIEW, and CREATE ANY TRIGGER to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
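The workaround above starts with knowing who actually holds those three system privileges, including grants inherited through nested roles, which a plain look at DBA_SYS_PRIVS misses. The following query is an added example, not part of the advisory; it assumes a DBA session on a 12.2 or later database (for the ORACLE_MAINTAINED column) and uses only the standard DBA_* dictionary views.

```sql
-- Added example (not from the advisory): inventory every non-Oracle-maintained
-- user that holds CREATE ANY PROCEDURE, CREATE ANY VIEW or CREATE ANY TRIGGER,
-- either directly or through any role in the role hierarchy.
-- Assumes a DBA account on Oracle 12.2+ (DBA_USERS.ORACLE_MAINTAINED exists).
WITH role_tree (grantee, granted_role) AS (
  -- anchor: roles granted directly to users and roles
  SELECT grantee, granted_role
  FROM   dba_role_privs
  UNION ALL
  -- recursion: roles granted to those roles (Oracle forbids circular role
  -- grants, so no cycle guard is needed)
  SELECT rt.grantee, rp.granted_role
  FROM   role_tree     rt
  JOIN   dba_role_privs rp ON rp.grantee = rt.granted_role
),
watched (privilege) AS (
  SELECT 'CREATE ANY PROCEDURE' FROM dual UNION ALL
  SELECT 'CREATE ANY VIEW'      FROM dual UNION ALL
  SELECT 'CREATE ANY TRIGGER'   FROM dual
)
SELECT u.username,
       p.privilege,
       'DIRECT' AS granted_via
FROM   dba_sys_privs p
JOIN   watched       w ON w.privilege = p.privilege
JOIN   dba_users     u ON u.username  = p.grantee
WHERE  u.oracle_maintained = 'N'
UNION ALL
SELECT u.username,
       p.privilege,
       'ROLE ' || rt.granted_role AS granted_via
FROM   role_tree     rt
JOIN   dba_sys_privs p ON p.grantee   = rt.granted_role
JOIN   watched       w ON w.privilege = p.privilege
JOIN   dba_users     u ON u.username  = rt.grantee
WHERE  u.oracle_maintained = 'N'
ORDER  BY 1, 2, 3;

-- Remediation for a user that does not need the privilege (placeholder name):
-- REVOKE CREATE ANY PROCEDURE, CREATE ANY VIEW, CREATE ANY TRIGGER FROM app_user;
-- For grants that arrive via a role, revoke the privilege from the role or the
-- role from the user, whichever matches the intended least-privilege design.
```

Rows with a ROLE value in granted_via are the ones most often overlooked during a privilege review, since the user never received the grant directly.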

Weakness Enumeration

Related Identifiers

BDU:2021-00467
CVE-2021-2054
ZDI-21-083

Affected Products

Oracle Database
Oracle Database Server