CVE-2019-2776 : Vulnerability in the Core RDBMS component of Oracle Database Server. Supported v

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Index privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Core RDBMS accessible data as well as unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N).

Published 2019-07-23 23:15:41

Updated 2020-08-24 17:37:01

Source Oracle

View at NVD, CVE.org

Vulnerability category: Bypass

Products affected by CVE-2019-2776

Oracle » Database Server » Version: 12.1.0.2
cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 12.2.0.1
cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 18C
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 19C
cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2019-2776

Top countries where our scanners detected CVE-2019-2776

Top open port discovered on systems with this issue 1521

IPs affected by CVE-2019-2776 17,452

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-2776!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-2776

EPSS FAQ

0.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 57 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2776

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
7.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N	2.3	4.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: Low Availability: None

References for CVE-2019-2776

http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Oracle Critical Patch Update - July 2019
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2776

Products affected by CVE-2019-2776

Threat overview for CVE-2019-2776

Exploit prediction scoring system (EPSS) score for CVE-2019-2776

CVSS scores for CVE-2019-2776

References for CVE-2019-2776