Vulnerability in Oracle Database Server Core RDBMS Component
CVE-2019-2776

7.6HIGH

Key Information:

Vendor: Oracle
Status: Text
Vendor: CVE Published:; 23 July 2019

Summary

An improper access control vulnerability in the Core RDBMS component of Oracle Database Server allows high-privileged attackers with the Create Any Index privilege to exploit network access via OracleNet. This may lead to significant impacts on database integrity and confidentiality, enabling them to gain unauthorized access and manipulate critical data. The exploited vulnerability can result in unauthorized updates, insertions, or deletions of data, impacting not only the Core RDBMS but also potentially affecting additional products within the Oracle ecosystem.

Affected Version(s)

Text 12.1.0.2

Text 12.2.0.1

Text 18c

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018