CVE-2022-21410

4 documents4 sources
Severity
7.2HIGH
EPSS
1.2%
top 20.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Database - Enterprise EditionOracle Database
Timeline
PublishedApr 19
Latest updateApr 20

Description

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentia

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-593w-xw98-2hpv: Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server2022-04-20
CVEList
CVE-2022-21410: Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server2022-04-19

📋Vendor Advisories

1
Oracle
Oracle Oracle Database Server Risk Matrix: Oracle Database - Enterprise Edition Sharding — CVE-2022-214102022-04-15
CVE-2022-21410 (HIGH CVSS 7.2) | Vulnerability in the Oracle Databas | cvebase.io