CVE-2021-2326

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.2.0.1 through 19c

Description The issue is related to insufficient input validation in the Database Vault component of Oracle Database Server. This allows a high-privileged attacker with DBA privilege and network access via Oracle Net to compromise Database Vault, resulting in unauthorized read access to a subset of Database Vault accessible data. The vulnerability can be exploited remotely using the HTTP protocol.

Recommendations For versions 12.2.0.1 and 19c, consider restricting access to the Database Vault component until a patch is available. As a temporary workaround, limit network access via Oracle Net to minimize the risk of exploitation. Avoid using the Database Vault component for sensitive data storage until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.