PT-2026-3724 · Oracle · Oracle Zero Data Loss Recovery Appliance
Alexander Kornbrust
·
Published
2026-01-20
·
Updated
2026-01-20
·
CVE-2026-21977
CVSS v3.1
3.1
Low
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Zero Data Loss Recovery Appliance Software versions 23.1.0 through 23.1.202509
Description
A difficult to exploit issue exists in the Oracle Zero Data Loss Recovery Appliance Software, specifically within the Security component. An unauthenticated attacker with network access via Oracle Net can compromise the software. Exploitation requires human interaction from someone other than the attacker and can lead to unauthorized read access to a subset of the software’s data.
Recommendations
Update Oracle Zero Data Loss Recovery Appliance Software to a version later than 23.1.202509.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Zero Data Loss Recovery Appliance