CVE-2021-2335

Name of the Vulnerable Software and Affected Versions Oracle Database - Enterprise Edition Data Redaction versions 12.1.0.2 through 19c

Description The issue is related to insufficient input validation in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. This easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise the Oracle Database - Enterprise Edition Data Redaction component. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of the Oracle Database - Enterprise Edition Data Redaction accessible data.

Recommendations For versions 12.1.0.2, 12.2.0.1, and 19c, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.