CVE-2019-2582
First published: Tue Apr 23 2019(Updated: )
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Database | =12.2.0.1 | |
| Oracle Database | =18c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Oracle Database Server vulnerability?
The vulnerability ID is CVE-2019-2582.
Which versions of Oracle Database Server are affected by CVE-2019-2582?
Versions 12.2.0.1 and 18c of Oracle Database Server are affected.
Is this vulnerability easily exploitable?
Yes, this vulnerability is easily exploitable.
How can an attacker exploit CVE-2019-2582?
An unauthenticated attacker with network access via Oracle Net can exploit this vulnerability.
What is the severity rating of CVE-2019-2582?
The severity rating of CVE-2019-2582 is medium with a value of 5.3.
- agent/type
- agent/severity
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/oracle
- canonical/oracle database
- version/oracle database/12.2.0.1
- version/oracle database/18c