CVE-2021-1993 : Vulnerability in the Java VM component of Oracle Database Server. Supported vers

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N).

Published 2021-01-20 15:15:45

Updated 2021-01-22 18:33:28

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2021-1993

Oracle » Database Server » Version: 12.1.0.2
cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 12.2.0.1
cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 18C
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 19C
cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Ops Center » Version: 12.4.0.0
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Zfs Storage Appliance » Version: 8.8
cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*
Matching versions
Oracle » Hyperion Infrastructure Technology » Version: 11.1.2.4
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2021-1993

Top countries where our scanners detected CVE-2021-1993

Top open port discovered on systems with this issue 1521

IPs affected by CVE-2021-1993 17,466

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2021-1993!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2021-1993

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-1993

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:N/AC:H/Au:S/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N	1.2	3.6	Oracle
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: High Availability: None

References for CVE-2021-1993

https://www.oracle.com/security-alerts/cpujan2021.html

Oracle Critical Patch Update Advisory - January 2021
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-1993

Products affected by CVE-2021-1993

Threat overview for CVE-2021-1993

Exploit prediction scoring system (EPSS) score for CVE-2021-1993

CVSS scores for CVE-2021-1993

References for CVE-2021-1993