CVE-2021-2175

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c

Description The issue is related to the Database Vault component, where an easily exploitable vulnerability allows a high-privileged attacker with Create Any View, Select Any View privilege and network access via Oracle Net to compromise Database Vault. This can result in unauthorized read access to a subset of Database Vault accessible data.

Recommendations For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Database Vault component until a patch is available. As a temporary workaround, limit the use of Create Any View and Select Any View privileges to minimize the risk of exploitation. Restrict network access via Oracle Net to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.