CVE-2021-2035

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c

Description: The issue exists due to insufficient input validation in the RDBMS Scheduler component of Oracle Database Server, allowing a remote attacker to execute arbitrary code by sending specially crafted network packets. This can result in the takeover of the RDBMS Scheduler. A low-privileged attacker with Export Full Database privilege and network access via Oracle Net can exploit this issue.

Recommendations: For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting network access via Oracle Net to minimize the risk of exploitation. Restrict the Export Full Database privilege to prevent low-privileged attackers from exploiting the vulnerability.