Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpujul2021.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2021-07-20T22:43:16
Updated: 2024-08-03T16:38:57.583Z
Reserved: 2020-12-09T00:00:00
Link: CVE-2021-2337
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-07-21T15:15:16.860
Modified: 2021-07-22T20:41:12.427
Link: CVE-2021-2337
Redhat
No data.