CVE-2022-21411

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.1.0.2, 19c, and 21c

Description The issue is related to insufficient input validation in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. This easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise the RDBMS Gateway / Generic ODBC Connectivity. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data.

Recommendations For version 12.1.0.2, update to a version that includes the fix for this issue. For version 19c, update to a version that includes the fix for this issue. For version 21c, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting network access via Oracle Net to minimize the risk of exploitation.