Database
CVE-2021-2337
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (oracle) · only source for this CVE.
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Vulnerability in the Oracle XML DB component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Affected products include: Oracle Database.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a)
Vulnerability in the OJVM component of Oracle Database Server. Rated critical severity (CVSS 9.9), this vulnerability is
Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows rem
Vulnerability in the OJVM component of Oracle Database Server. Rated critical severity (CVSS 9.0), this vulnerability is
Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 8.8), this vulnerability
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute
Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability is
Vulnerability in the Portable Clusterware component of Oracle Database Server. Rated high severity (CVSS 8.2), this vuln
Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Rated medium severity (CV
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today