CVE-2022-21510

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2022.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:database:-:*:*:*:enterprise:*:*:*

History

28 Jul 2022, 14:45

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:database:-::::enterprise:::
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2022.html - Vendor Advisory
CWE		NVD-CWE-noinfo
First Time		Oracle database Oracle

19 Jul 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-19 22:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-21510

Mitre link : CVE-2022-21510

CVE.ORG link : CVE-2022-21510

JSON object : View

Products Affected

oracle

database

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-21510", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2022-07-19T22:15:10.087", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad en el componente Oracle Database - Enterprise Edition Sharding de Oracle Database Server. Para conocer las versiones compatibles que est\u00e1n afectadas, v\u00e9ase la nota. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado que tenga el privilegio de Local Logon con el inicio de sesi\u00f3n en la infraestructura donde es ejecutado Oracle Database - Enterprise Edition Sharding, comprometer a Oracle Database - Enterprise Edition Sharding. Aunque la vulnerabilidad est\u00e1 en Oracle Database - Enterprise Edition Sharding, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Database - Enterprise Edition Sharding. Nota: Ninguna de las versiones compatibles est\u00e1 afectada. CVSS 3.1, Puntuaci\u00f3n Base 8.8 (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}], "lastModified": "2022-07-28T14:45:21.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database:-:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6CC4D8AC-0081-420A-AE24-F3D8E071DC7D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}