Lucene search

OracleCVELIST:CVE-2022-21596

HistoryOct 18, 2022 - 12:00 a.m.

CVE-2022-21596

2022-10-1800:00:00

oracle

www.cve.org

oracle

database

advanced queuing

vulnerability

19c

exploitable

privileged attacker

dba user

takeover

cvss 3.1

confidentiality

integrity

availability

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Database - Enterprise Edition",
    "versions": [
      {
        "version": "19c",
        "status": "affected"
      }
    ]
  }
]

References

www.oracle.com/security-alerts/cpuoct2022.html

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

Related for CVELIST:CVE-2022-21596