RDBMS Vulnerability in Oracle Database Server Software
CVE-2019-2955

3.9LOW

Key Information:

Vendor: Oracle
Status: Oracle Database
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability in Oracle's Core RDBMS component allows low privileged attackers with Local Logon rights to exploit the system. While this attack requires user interaction from a third party, successful exploitation can enable unauthorized updates, inserts, or deletions of data accessible in Core RDBMS. Additionally, it poses a risk of causing a partial denial of service, impacting data availability. Organizations using affected versions of Oracle Database Server should take immediate action to secure their systems.

Affected Version(s)

Oracle Database 11.2.0.4

Oracle Database 12.1.0.2

Oracle Database 12.2.0.1

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018