First published: Thu Apr 22 2021
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Database | =12.1.0.2 | |
Oracle Database | =12.2.0.1 | |
Oracle Database | =18c | |
Oracle Database | =19c | |
CVE-2021-2207 is a vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server.
Versions 12.1.0.2, 12.2.0.1, 18c, and 19c of Oracle Database Server are affected by CVE-2021-2207.
CVE-2021-2207 has a severity rating of 2.3, which is classified as low.
CVE-2021-2207 can be exploited by a high privileged attacker with RMAN executable privilege and logon access to the infrastructure.
You can find more information about CVE-2021-2207 at the following references: [Packet Storm Security](http://packetstormsecurity.com/files/174448/Oracle-RMAN-Missing-Auditing.html) and [Oracle Security Alerts](https://www.oracle.com/security-alerts/cpuapr2021.html).