CVE-2021-1993

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N).
Severity
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Atk. Vector
NETWORK
Atk. Complexity
HIGH
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
oracledatabase_server
12.1.0.2
oracledatabase_server
12.2.0.1
oracleenterprise_manager_ops_center
12.4.0.0
oraclehyperion_infrastructure_technology
11.1.2.4
oraclezfs_storage_appliance
8.8
𝑥
= Vulnerable software versions