First published: Wed Jan 20 2021
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle Database. Authentication is required to exploit this vulnerability. The specific flaw exists within the execution of stored procedures. When executing stored procedures, the process does not properly check the caller's privileges. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from users with limited privileges.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Database | | |
Oracle Rdbms Sharding | =12.2.0.1 | |
Oracle Rdbms Sharding | =18c | |
Oracle Rdbms Sharding | =19c | |
CVE-2021-2054 is a vulnerability in the RDBMS Sharding component of Oracle Database Server, affecting versions 12.2.0.1, 18c, and 19c.
CVE-2021-2054 has a severity rating of 8.8 (High).
CVE-2021-2054 allows a high-privileged attacker with specific privileges to escalate privileges and gain unauthorized access to the Oracle Database Server.
Oracle Database Server versions 12.2.0.1, 18c, and 19c are affected by CVE-2021-2054.
To fix CVE-2021-2054 in Oracle Database Server, apply the patches and updates provided by Oracle in their security advisory.