CVE-2022-21411

4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 60.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Database - Enterprise EditionOracle Database
Timeline
PublishedApr 19
Latest updateApr 20

Description

Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connecti

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDoracle/database12.1.0.2, 19c, 21c+2
CVEListV5oracle_corporation/database_-_enterprise_edition12.1.0.2, 19c, 21c+2

🔴Vulnerability Details

2
GHSA
GHSA-p2g2-gg9f-mg83: Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server2022-04-20
CVEList
CVE-2022-21411: Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server2022-04-19

📋Vendor Advisories

1
Oracle
Oracle Oracle Database Server Risk Matrix: RDBMS Gateway / Generic ODBC Connectivity — CVE-2022-214112022-04-15
CVE-2022-21411 (MEDIUM CVSS 5.4) | Vulnerability in the RDBMS Gateway | cvebase.io