Описание
Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L).
Ссылки
- Mailing ListThird Party Advisory
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
3.3 Low
CVSS3
3.3 Low
CVSS3
4.9 Medium
CVSS2
Дефекты
Связанные уязвимости
Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L).
Уязвимость компонента Database Gateway for ODBC системы управления базами данных Oracle Database Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных или вызвать частичный отказ в обслуживании
EPSS
3.3 Low
CVSS3
3.3 Low
CVSS3
4.9 Medium
CVSS2