cnvd - cnvd-2022-54636

cnvd-2022-54636

Vulnerability from cnvd

Title

Oracle Database Server拒绝服务漏洞

Description

Oracle Database Server是美国甲骨文（Oracle）公司的一套关系数据库管理系统。该数据库管理系统提供数据管理、分布式处理等功能。 Oracle Database - Enterprise Edition RDBMS Security 12.1.0.2、19c 和 21c版本存在拒绝服务漏洞，该漏洞源于未对输入的错误消息做正确的处理，具有DBA角色权限的高权限攻击者可利用该漏洞通过Oracle Net通过网络访问来破坏Oracle数据库导致服务拒绝。

Severity

低

Patch Name

Oracle Database Server拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.oracle.com/security-alerts/cpujul2022.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-21432

Impacted products

Name
['Oracle Oracle Database Server 12.1.0.2', 'Oracle Oracle Database Server 19c', 'Oracle Oracle Database Server 21c']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-21432",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-21432"
    }
  },
  "description": "Oracle Database Server\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u63d0\u4f9b\u6570\u636e\u7ba1\u7406\u3001\u5206\u5e03\u5f0f\u5904\u7406\u7b49\u529f\u80fd\u3002\n\nOracle Database - Enterprise Edition RDBMS Security 12.1.0.2\u300119c \u548c 21c\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u5bf9\u8f93\u5165\u7684\u9519\u8bef\u6d88\u606f\u505a\u6b63\u786e\u7684\u5904\u7406\uff0c\u5177\u6709DBA\u89d2\u8272\u6743\u9650\u7684\u9ad8\u6743\u9650\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7Oracle Net\u901a\u8fc7\u7f51\u7edc\u8bbf\u95ee\u6765\u7834\u574fOracle\u6570\u636e\u5e93\u5bfc\u81f4\u670d\u52a1\u62d2\u7edd\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/security-alerts/cpujul2022.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-54636",
  "openTime": "2022-07-29",
  "patchDescription": "Oracle Database Server\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u63d0\u4f9b\u6570\u636e\u7ba1\u7406\u3001\u5206\u5e03\u5f0f\u5904\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nOracle Database - Enterprise Edition RDBMS Security 12.1.0.2\u300119c \u548c 21c\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u5bf9\u8f93\u5165\u7684\u9519\u8bef\u6d88\u606f\u505a\u6b63\u786e\u7684\u5904\u7406\uff0c\u5177\u6709DBA\u89d2\u8272\u6743\u9650\u7684\u9ad8\u6743\u9650\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7Oracle Net\u901a\u8fc7\u7f51\u7edc\u8bbf\u95ee\u6765\u7834\u574fOracle\u6570\u636e\u5e93\u5bfc\u81f4\u670d\u52a1\u62d2\u7edd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Database Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle Oracle Database Server 12.1.0.2",
      "Oracle Oracle Database Server 19c",
      "Oracle Oracle Database Server 21c"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-21432",
  "serverity": "\u4f4e",
  "submitTime": "2022-07-21",
  "title": "Oracle Database Server\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2022-21432 (GCVE-0-2022-21432)

Vulnerability from cvelistv5

Published

2022-07-19 21:06

Modified

2024-09-24 20:04

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CWE

Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security.

Summary

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

References

URL

Tags

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC