First published: Wed Oct 20 2021(Updated: )
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Database | =12.1.0.2 | |
Oracle Database | =12.2.0.1 | |
Oracle Database | =19c | |
Oracle Database | =21c |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Oracle Database Server vulnerability is CVE-2021-35557.
The severity of CVE-2021-35557 is medium with a CVSS score of 4.3.
Versions 12.1.0.2, 12.2.0.1, 19c, and 21c of Oracle Database Server are affected by CVE-2021-35557.
The vulnerability CVE-2021-35557 can be exploited by a low privileged attacker with Create Table privilege and network access via Oracle Net.
You can find more information about CVE-2021-35557 on the Oracle Security Alerts page: https://www.oracle.com/security-alerts/cpuoct2021.html