PT-2021-20968 · Oracle · Oracle Database Server+1
Qiguang Zhu
·
Published
2021-10-19
·
Updated
2022-07-12
·
CVE-2021-35551
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |
Name of the Vulnerable Software and Affected Versions:
Oracle Database Server versions 12.2.0.1, 19c, and 21c
Description:
The issue affects the RDBMS Security component, allowing a high-privileged attacker with DBA privilege and network access via Oracle Net to compromise RDBMS Security. Successful attacks can result in unauthorized access to update, insert, or delete some RDBMS Security accessible data, as well as cause a hang or complete denial of service of RDBMS Security.
Recommendations:
For version 12.2.0.1, update to a version that includes the fix for this issue.
For version 19c, update to a version that includes the fix for this issue.
For version 21c, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the RDBMS Security component to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Database
Oracle Database Server