CVE-2021-2332 : Vulnerability in the Oracle LogMiner component of Oracle Database Server. Suppor

Vulnerability in the Oracle LogMiner component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle LogMiner. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle LogMiner accessible data as well as unauthorized read access to a subset of Oracle LogMiner accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle LogMiner. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H).

Published 2021-10-20 11:16:15

Updated 2021-10-26 11:54:44

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-2332

Oracle » Database Server » Version: 12.1.0.2
cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 12.2.0.1
cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 19C
cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2021-2332

Top countries where our scanners detected CVE-2021-2332

Top open port discovered on systems with this issue 1521

IPs affected by CVE-2021-2332 17,455

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2021-2332!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2021-2332

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-2332

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H	1.2	5.5	Oracle
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: High Availability: High

References for CVE-2021-2332

https://www.oracle.com/security-alerts/cpuoct2021.html

Oracle Critical Patch Update Advisory - October 2021
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-2332

Products affected by CVE-2021-2332

Threat overview for CVE-2021-2332

Exploit prediction scoring system (EPSS) score for CVE-2021-2332

CVSS scores for CVE-2021-2332

References for CVE-2021-2332