CVE-2022-21247Corporation Database Enterprise Edition vulnerability

4 documents4 sources
Severity
2.7LOWNVD
EPSS
0.2%
top 57.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Database Enterprise EditionOracle Database Server
Timeline
PublishedJan 19
Latest updateJan 20

Description

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

NVDoracle/database_server12.2.0.1, 19c+1

🔴Vulnerability Details

2
GHSA
GHSA-fvrw-gf6r-cvvq: Vulnerability in the Core RDBMS component of Oracle Database Server2022-01-20
CVEList
CVE-2022-21247: Vulnerability in the Core RDBMS component of Oracle Database Server2022-01-19

📋Vendor Advisories

1
Oracle
Oracle Oracle Database Server Risk Matrix: Core RDBMS — CVE-2022-212472022-01-15
CVE-2022-21247 — LOW severity | cvebase