CVE-2021-1993
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N).
Vulnerabilidad en el componente Java VM de Oracle Database Server. Las versiones compatibles que están afectadas son 12.1.0.2, 12.2.0.1, 18c y 19c. La vulnerabilidad difícil de explotar permite a un atacante poco privilegiado que tenga privilegio Create Session con acceso de red por medio de Oracle Net comprometer a Java VM. Los ataques con éxito requieren la interacción humana de una persona diferente del atacante. Los ataques con éxito de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o todos los datos accesibles de Java VM. CVSS 3.1 Puntuación Base 4.8 (Impactos de la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N)
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-12-09 CVE Reserved
- 2021-01-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-26 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2021.html | 2021-01-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 12.1.0.2 Search vendor "Oracle" for product "Database Server" and version "12.1.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 12.2.0.1 Search vendor "Oracle" for product "Database Server" and version "12.2.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 18c Search vendor "Oracle" for product "Database Server" and version "18c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 19c Search vendor "Oracle" for product "Database Server" and version "19c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hyperion Infrastructure Technology Search vendor "Oracle" for product "Hyperion Infrastructure Technology" | 11.1.2.4 Search vendor "Oracle" for product "Hyperion Infrastructure Technology" and version "11.1.2.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Zfs Storage Appliance Search vendor "Oracle" for product "Zfs Storage Appliance" | 8.8 Search vendor "Oracle" for product "Zfs Storage Appliance" and version "8.8" | - |
Affected
| ||||||