CVE-2022-21603

Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Database - Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuoct2022.html	Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2022.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:database_-_sharding:19c:::::::*
	cpe:2.3:a:oracle:database_-_sharding:21c:::::::*

History

21 Nov 2024, 06:45

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory~~	() https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory

20 Oct 2022, 05:38

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:database_-_sharding:19c:::::::* cpe:2.3:a:oracle:database_-_sharding:21c:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory
CWE		NVD-CWE-noinfo

18 Oct 2022, 21:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-18 21:15

Updated : 2024-11-21 06:45

NVD link : CVE-2022-21603

Mitre link : CVE-2022-21603

CVE.ORG link : CVE-2022-21603

JSON object : View

Products Affected

oracle

database_-_sharding

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-21603", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-10-18T21:15:11.920", "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Database - Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad en el componente Oracle Database - Sharding de Oracle Database Server. Las versiones soportadas que est\u00e1n afectadas son 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante con privilegios de Local Logon con acceso a la red por medio de Local Logon comprometer a Oracle Database - Sharding. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Database - Sharding. CVSS 3.1 Puntuaci\u00f3n Base 7.2 (Impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)"}], "lastModified": "2024-11-21T06:45:03.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_-_sharding:19c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07E193A5-5907-4287-8F81-C5061AD564EE"}, {"criteria": "cpe:2.3:a:oracle:database_-_sharding:21c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB3BD66-7467-4A6E-B5E9-C19DDE06C963"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}