Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
References
Link | Resource |
---|---|
https://www.oracle.com/security-alerts/cpuapr2022.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Apr 2022, 17:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 5.4 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:* |
19 Apr 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-19 21:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-21411
Mitre link : CVE-2022-21411
CVE.ORG link : CVE-2022-21411
JSON object : View
Products Affected
oracle
- database
CWE