CVE-2021-2000

LOW

Oracle Database Server <19c - Privilege Escalation

Title source: llm
STIX 2.1

Description

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N).

References (1)

Core 1
Core References

Scores

CVSS v3 2.4
EPSS 0.0076
EPSS Percentile 51.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (4)
oracle/database_server 12.1.0.2
oracle/database_server 12.2.0.1
oracle/database_server 18c
oracle/database_server 19c
Published Jan 20, 2021
Tracked Since Feb 18, 2026