CVE-2022-21603

2022-10-1821:15:11

[email protected]

web.nvd.nist.gov

cve-2022-21603

oracle database

sharding

vulnerability

19c

21c

exploitable

takeover

cvss 3.1

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.3%

JSON

Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Database - Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Affected configurations

NVD

Node

oracledatabase_-_shardingMatch19c

oracledatabase_-_shardingMatch21c

CPENameOperatorVersion
oracle:database_-_shardingoracle database - shardingeq19c
oracle:database_-_shardingoracle database - shardingeq21c

CPE	Name	Operator	Version
oracle:database_-_sharding	oracle database - sharding	eq	19c
oracle:database_-_sharding	oracle database - sharding	eq	21c

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Database - Enterprise Edition",
    "versions": [
      {
        "version": "19c",
        "status": "affected"
      },
      {
        "version": "21c",
        "status": "affected"
      }
    ]
  }
]