CVE-2022-21410
First published: Tue Apr 19 2022(Updated: )
Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Database | =19c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-21410?
The severity of CVE-2022-21410 is high with a CVSS score of 7.2.
Which version of Oracle Database is affected by CVE-2022-21410?
Oracle Database version 19c is affected by CVE-2022-21410.
Is CVE-2022-21410 easily exploitable?
Yes, CVE-2022-21410 is an easily exploitable vulnerability.
What privilege does an attacker need to exploit CVE-2022-21410?
An attacker with Create Any Procedure privilege can exploit CVE-2022-21410.
How can CVE-2022-21410 be exploited?
CVE-2022-21410 can be exploited through network access via Oracle Net.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle database
- version/oracle database/19c