CVE Vulnerabilities

CVE-2021-1993

Published: Jan 20, 2021 | Modified: Jan 22, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:N/AC:H/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N).

Affected Software

Name Vendor Start Version End Version
Database_server Oracle 12.1.0.2 12.1.0.2
Database_server Oracle 12.2.0.1 12.2.0.1
Database_server Oracle 18c 18c
Database_server Oracle 19c 19c

References