First published: Wed Oct 20 2021(Updated: )
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Database | =12.1.0.2 | |
Oracle Database | =12.2.0.1 | |
Oracle Database | =19c | |
Oracle Database | =21c |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-35558 is a vulnerability in the Core RDBMS component of Oracle Database Server.
Oracle Database Server versions 12.1.0.2, 12.2.0.1, 19c, and 21c are affected by CVE-2021-35558.
An attacker with Create Table privilege and network access via Oracle Net can exploit CVE-2021-35558.
CVE-2021-35558 has a severity rating of 4.3 (medium).
You can find more information about CVE-2021-35558 in the Oracle Security Alerts webpage: https://www.oracle.com/security-alerts/cpuoct2021.html