CVE-2021-2326 - Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are

CVE-2021-2326

Summary

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

References

https://www.oracle.com/security-alerts/cpujul2021.html

Vulnerable Configurations

cpe:2.3:a:oracle:database_vault:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_vault:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_vault:19c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_vault:19c:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 21-07-2021 - 20:52)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:N/A:N

Last major update

21-07-2021 - 20:52

Published

21-07-2021 - 00:15

Last modified

21-07-2021 - 20:52