PT-2022-5178 · Oracle · Oracle Database Server

Ninad · Published 2022-10-18 · Updated 2022-10-21 · CVE-2022-21606

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Database Server version 19c

Description

The issue exists due to insufficient protection of the web page structure in the Oracle Services for Microsoft Transaction Server component. A remote attacker can potentially use it to read, modify, add, or delete data. Successful attacks require human interaction and can significantly impact additional products. Exploitation can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. The issue applies to Windows systems only.

Recommendations

For version 19c, apply the necessary patches or updates to fix the vulnerability in the Oracle Services for Microsoft Transaction Server component. As a temporary workaround, consider restricting access to the Oracle Services for Microsoft Transaction Server to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-06435
CVE-2022-21606

Affected Products

Oracle Database Server