First published: Tue Jul 19 2022(Updated: )
Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Database |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-21511 is a vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server.
For the supported versions of Oracle Database Enterprise Edition that are affected, please refer to the provided reference link: https://www.oracle.com/security-alerts/cpujul2022.html
The severity of CVE-2022-21511 is rated as high with a severity score of 7.2.
CVE-2022-21511 allows a high privileged attacker with the EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege and network access to exploit the vulnerability.
To mitigate CVE-2022-21511, it is recommended to apply the necessary security patches provided by Oracle. Please refer to the provided reference link for more information: https://www.oracle.com/security-alerts/cpujul2022.html