Database Server Vulnerability in Oracle's Advanced Queuing Component
CVE-2022-21596

7.2HIGH

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 18 October 2022

Summary

A vulnerability exists within the Advanced Queuing component of Oracle Database Server that allows attackers with DBA user privileges and network access through Oracle Net to potentially compromise the system. Successful exploitation may enable attackers to take control of the Oracle Database - Advanced Queuing, impacting the confidentiality, integrity, and availability of the service. The vulnerability highlights the importance of securing database configurations and monitoring access to mitigate risks associated with privileged user accounts.

Affected Version(s)

Database - Enterprise Edition 19c

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021