Core RDBMS Vulnerability in Oracle Database Server
CVE-2019-2954

3.9LOW

Key Information:

Vendor: Oracle
Status: Oracle Database
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in the Core RDBMS component of Oracle Database Server, allowing low privileged attackers to exploit the system with Create Session and Create Procedure privileges. This exploit requires the attacker to have logon access to the infrastructure. If successfully executed, the vulnerability could lead to unauthorized modifications to data, including updates and deletions, as well as potential partial denial of service scenarios. Human interaction from an individual other than the attacker is necessary for the exploit to succeed, emphasizing the importance of user awareness in mitigating the risk.

Affected Version(s)

Oracle Database 11.2.0.4

Oracle Database 12.1.0.2

Oracle Database 12.2.0.1

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018