CVE-2021-2245

Name of the Vulnerable Software and Affected Versions Oracle Database - Enterprise Edition Unified Audit versions 18c through 19c

Description The issue is related to inadequate access restrictions in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Exploitation of this issue may allow a remote attacker to modify, add, or delete data using the Oracle Net protocol. The attacker must have the Create Audit Policy privilege and network access via Oracle Net to compromise the Oracle Database - Enterprise Edition Unified Audit. Successful attacks can result in unauthorized access to some of the Oracle Database - Enterprise Edition Unified Audit accessible data.

Recommendations For versions 18c and 19c, consider restricting access to the Oracle Net protocol to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and limit the Create Audit Policy privilege to only necessary users to reduce the attack surface. Avoid using the Oracle Net protocol for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.