PT-2021-2855 · Oracle · Oracle Database

Emad Al-Mousa

Published

2021-04-20

Updated

2023-09-02

CVE-2021-2207

CVSS v3.1

2.3

Low

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Database - Enterprise Edition versions 12.1.0.2 through 19c

Description The issue is related to inadequate access control in the Oracle Database - Enterprise Edition component of Oracle Database Server. It allows a high-privileged attacker with RMAN executable privilege and logon access to the infrastructure to compromise Oracle Database - Enterprise Edition. Successful attacks can result in unauthorized update, insert, or delete access to some of Oracle Database - Enterprise Edition's accessible data.

Recommendations For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2021-02403

CVE-2021-2207

Affected Products

Oracle Database

PT-2021-2855 · Oracle · Oracle Database

CVE-2021-2207

Weakness Enumeration

Related Identifiers

Affected Products

References · 5