CVE-2021-1993

6 documents5 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 53.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Database - Enterprise Edition Oracle Database Server Oracle Enterprise Manager OPS Center +2 more

Timeline

PublishedJan 20

Latest updateMay 24

Description

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critica…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages5 packages

▶NVDoracle/database_server4 versions+3

▶CVEListV5oracle_corporation/database_-_enterprise_edition4 versions+3

▶NVDoracle/zfs_storage_appliance8.8

▶NVDoracle/enterprise_manager_ops_center12.4.0.0

▶NVDoracle/hyperion_infrastructure_technology11.1.2.4

🔴Vulnerability Details

GHSA

GHSA-2mj9-chm4-g5pj: Vulnerability in the Java VM component of Oracle Database Server↗2022-05-24

▶

Kernel

Merge tag 'xfs-5.17-merge-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux↗2022-01-21

▶

Kernel

xfs: kill the XFS_IOC_{ALLOC,FREE}SP* ioctls↗2022-01-07

▶

CVEList

CVE-2021-1993: Vulnerability in the Java VM component of Oracle Database Server↗2021-01-20

▶

📋Vendor Advisories

Oracle

Oracle Oracle Database Server Risk Matrix: Java VM — CVE-2021-1993↗2021-01-15

▶