Oracle Database Enterprise Edition Recovery EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT Privilege Escalation

A vulnerability was found in Oracle Database Enterprise Edition Recovery (Database Software); the affected version is unknown. It has been declared critical. The vulnerability affects an unknown function of the component EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 07/20/2022 08:15 AM | 08/06/2022 02:47 PM | 08/06/2022 02:50 PM |
|---|---|---|---|
| vendor | Oracle | Oracle | Oracle |
| name | Database Enterprise Edition Recovery | Database Enterprise Edition Recovery | Database Enterprise Edition Recovery |
| cve | CVE-2022-21511 | CVE-2022-21511 | CVE-2022-21511 |
| component | EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT | EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT | EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| cvss3_vuldb_rc | C | C | C |
| cvss3_vuldb_rl | O | O | O |
| url | https://www.oracle.com/security-alerts/cpujul2022.html | https://www.oracle.com/security-alerts/cpujul2022.html | https://www.oracle.com/security-alerts/cpujul2022.html |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| identifier | Oracle Critical Patch Update Advisory - July 2022 | Oracle Critical Patch Update Advisory - July 2022 | Oracle Critical Patch Update Advisory - July 2022 |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| name | Upgrade | Upgrade | Upgrade |
| type | Database Software | Database Software | Database Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | M | M | M |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 8.3 | 8.3 | 8.3 |
| cvss2_vuldb_tempscore | 7.2 | 7.2 | 7.2 |
| cvss3_vuldb_basescore | 7.2 | 7.2 | 7.2 |
| cvss3_vuldb_tempscore | 6.9 | 6.9 | 6.9 |
| cvss3_meta_basescore | 7.2 | 7.2 | 7.2 |
| cvss3_meta_tempscore | 6.9 | 6.9 | 7.0 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve_assigned | | 1636930800 (11/15/2021) | 1636930800 (11/15/2021) |
| cve_nvd_summary | | Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | H |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | H |
| cvss3_cna_i | | | H |
| cvss3_cna_a | | | H |
| cve_cna | | | Oracle |
| cvss3_cna_basescore | | | 7.2 |