CVE-2019-2753 : Vulnerability in the Oracle Text component of Oracle Database Server. Supported

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Oracle Text. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Text accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Text. CVSS 3.0 Base Score 4.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L).

Published 2019-07-23 23:15:39

Updated 2020-08-24 17:37:01

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2019-2753

Oracle » Database Server » Version: 11.2.0.4
cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 12.1.0.2
cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 12.2.0.1
cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 18C
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2019-2753

Top countries where our scanners detected CVE-2019-2753

Top open port discovered on systems with this issue 1521

IPs affected by CVE-2019-2753 31,849

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-2753!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-2753

EPSS FAQ

0.24%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 45 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2753

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:N/AC:M/Au:S/C:P/I:N/A:P	6.8	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
4.6	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L	2.1	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: Low

References for CVE-2019-2753

http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Oracle Critical Patch Update - July 2019
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2753

Products affected by CVE-2019-2753

Threat overview for CVE-2019-2753

Exploit prediction scoring system (EPSS) score for CVE-2019-2753

CVSS scores for CVE-2019-2753

References for CVE-2019-2753