N/A

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N).

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

N/A

Oracle Database Server 访问控制错误漏洞

Oracle Database Server是美国甲骨文（Oracle）公司的一套关系数据库管理系统。该数据库管理系统提供数据管理、分布式处理等功能。 Oracle Database Server 的 Unified Audit 组件存在安全漏洞，该漏洞允许具有SYS帐户权限的高等级攻击者通过Oracle Net进行网络访问，从而破坏统一审计。以下产品及版本受到影响：Unified Audit--SYS Account--12.1.0.2, 12.2.0.1, 18c, 19c。

N/A

N/A