PT-2021-20972 · Oracle · Oracle Database Server+1

Yaoguang Chen

Published

2021-10-19

Updated

2021-10-25

CVE-2021-35557

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 19c, 21c

Description: The issue affects the Core RDBMS component, allowing a low-privileged attacker with Create Table privilege and network access via Oracle Net to compromise Core RDBMS. This can result in a partial denial of service (partial DOS) of Core RDBMS.

Recommendations: For versions 12.1.0.2, 12.2.0.1, 19c, 21c, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-35557

Affected Products

Oracle Database

Oracle Database Server

PT-2021-20972 · Oracle · Oracle Database Server+1

CVE-2021-35557

Related Identifiers

Affected Products

References · 3