Overview
- Description
- Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
- Source
- secalert_us@oracle.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32E02E1D-EF08-47A1-9095-06F9F2D8D268",
"versionEndIncluding": "19.20",
"versionStartIncluding": "19.3"
},
{
"criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84088F94-42E8-4553-AE33-A5C4E954C83F",
"versionEndIncluding": "21.11",
"versionStartIncluding": "21.3"
}
],
"operator": "OR"
}
]
}
]