PT-2021-2873 · Oracle · Oracle Database Server+1
Emad Al-Mousa
·
Published
2021-04-20
·
Updated
2023-03-15
·
CVE-2021-2173
CVSS v3.1
4.1
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c
Description
The issue is related to the Recovery component of Oracle Database Server, where an easily exploitable vulnerability allows a high-privileged attacker with DBA Level Account privilege and network access via Oracle Net to compromise Recovery. This may result in unauthorized read access to a subset of Recovery accessible data. The vulnerability can significantly impact additional products.
Recommendations
For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Recovery component until a patch is available.
Restrict network access via Oracle Net to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Database
Oracle Database Server