CVE-2021-2332

MEDIUM

Oracle Database Server 12.1.0.2, 12.2.0.1, 19c - Authenticated Denial of Service and Data Manipulation in LogMiner

Title source: llm

Description

Vulnerability in the Oracle LogMiner component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle LogMiner. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle LogMiner accessible data as well as unauthorized read access to a subset of Oracle LogMiner accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle LogMiner. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H).

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2021.html

Scores

CVSS v3 6.7

EPSS 0.0029

EPSS Percentile 52.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (3)

oracle/database_server 12.1.0.2

oracle/database_server 12.2.0.1

oracle/database_server 19c

Published Oct 20, 2021

Tracked Since Feb 18, 2026