CVE-2022-21432

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2022.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:database:12.1.0.2:::::::*
	cpe:2.3:a:oracle:database:19c::::enterprise:::
	cpe:2.3:a:oracle:database:21c::::enterprise:::

History

23 Jul 2022, 03:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:database:12.1.0.2:::::::* cpe:2.3:a:oracle:database:21c::::enterprise::: cpe:2.3:a:oracle:database:19c::::enterprise:::
First Time		Oracle database Oracle
CWE		NVD-CWE-noinfo
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2022.html - Vendor Advisory

19 Jul 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-19 22:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-21432

Mitre link : CVE-2022-21432

CVE.ORG link : CVE-2022-21432

JSON object : View

Products Affected

oracle

database

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-21432", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2022-07-19T22:15:09.780", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."}, {"lang": "es", "value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition RDBMS Security de Oracle Database Server. Las versiones afectadas son 12.1.0.2, 19c y 21c. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante muy privilegiado de rol de DBA con acceso a la red por medio de Oracle Net, comprometer a Oracle Database - Enterprise Edition RDBMS Security. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio (DOS parcial) de Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1, Puntuaci\u00f3n Base 2.7 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."}], "lastModified": "2022-07-23T03:17:44.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62"}, {"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC"}, {"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}