CVE-2021-2332

CWE-4025 documents5 sources
Severity
6.7MEDIUM
EPSS
0.3%
top 47.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Database - Enterprise EditionOracle Database Server
Timeline
PublishedOct 20
Latest updateMar 4

Description

Vulnerability in the Oracle LogMiner component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle LogMiner. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle LogMiner accessible data as well as unauthorized read access to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:HExploitability: 1.2 | Impact: 5.5

Affected Packages2 packages

NVDoracle/database_server12.1.0.2, 12.2.0.1, 19c+2
CVEListV5oracle_corporation/database_-_enterprise_edition12.1.0.2, 12.2.0.1, 19c+2

🔴Vulnerability Details

2
GHSA
GHSA-9gpg-wjp4-q3f9: Vulnerability in the Oracle LogMiner component of Oracle Database Server2022-05-24
CVEList
CVE-2021-2332: Vulnerability in the Oracle LogMiner component of Oracle Database Server2021-10-20

📋Vendor Advisories

2
Red Hat
kernel: kfence: fix memory leak when cat kfence objects2024-03-04
Oracle
Oracle Oracle Database Server Risk Matrix: Oracle LogMiner — CVE-2021-23322021-10-15
CVE-2021-2332 (MEDIUM CVSS 6.7) | Vulnerability in the Oracle LogMine | cvebase.io