PT-2021-7154 · Oracle · Oracle Database

Okan Basegmez

Published

2021-07-20

Updated

2021-07-22

CVE-2021-2334

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Oracle Database - Enterprise Edition Data Redaction versions 12.1.0.2, 12.2.0.1 and 19c

Description The issue is related to insufficient input validation in the Oracle Database - Enterprise Edition Data Redaction component. It allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise the component. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of the accessible data.

Recommendations For versions 12.1.0.2, 12.2.0.1, and 19c, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-03508

CVE-2021-2334

Affected Products

Oracle Database

PT-2021-7154 · Oracle · Oracle Database

CVE-2021-2334

Weakness Enumeration

Related Identifiers

Affected Products

References · 4