CVE-2021-35551
Summary
| CVE | CVE-2021-35551 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-20 11:16:00 UTC |
| Updated | 2022-07-12 17:42:00 UTC |
| Description | Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update Advisory - October 2021 | MISC | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 20232 Oracle Database 21c Critical Patch Update - October 2021
- 20233 Oracle Database 19c Critical Patch Update - October 2021
- 20234 Oracle Database 12.2.0.1 Critical Patch Update - October 2021
- 20235 Oracle Database 12.2.0.1 Critical Patch Update - October 2021 (Unauthenticated)
- 20276 Oracle Database 19c Critical OJVM Patch Update - October 2021
- 20290 Oracle Database 12.2.0.1 Critical OJVM Patch Update - October 2021