Vulnerability in Oracle Text Component of Oracle Database Server
CVE-2021-2328

7.2HIGH

Key Information:

Vendor: Oracle
Status: Text
Vendor: CVE Published:; 21 July 2021

Summary

An access control vulnerability exists in the Oracle Text component of Oracle Database Server, which can be exploited by a high-privileged attacker holding Create Any Procedure or Alter Any Table privileges. With network access through Oracle Net, the attacker can compromise Oracle Text, potentially leading to a complete takeover of the component. This security flaw impacts the confidentiality, integrity, and availability of data, underscoring the need for immediate attention and remediation.

Affected Version(s)

Text 12.1.0.2

Text 12.2.0.1

Text 19c

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Dec 9, 2020