PT-2021-5455 · Oracle · Oracle Database Server

Published: 2021-03-02 · Updated: 2024-11-17 · CVE-2021-2351

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1 and 19c

Description: The issue is in the Advanced Networking Option component of Oracle Database Server and allows an unauthenticated attacker with network access via Oracle Net to compromise that component. Successful attacks require human interaction from a person other than the attacker and, although the vulnerability is in Advanced Networking Option, may significantly impact additional products; a successful attack can result in takeover of Advanced Networking Option. The vulnerability is difficult to exploit.

Recommendations: Apply the updates introduced in the July 2021 Critical Patch Update. For versions 12.1.0.2, 12.2.0.1 and 19c, also review "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1) and apply the changes it describes to prevent the use of weaker ciphers. As a temporary workaround until the update is applied, consider restricting access to the Advanced Networking Option component.

Exploit
Fix

Weakness Enumeration

Improper Authentication
Use of a Broken Cryptographic Algorithm
Session Fixation
RCE

Related Identifiers

BDU:2021-06299
CVE-2021-2351

Affected Products

Oracle Database Server