Oracle Database Enterprise Edition Recovery EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT Privilege Escalation

A vulnerability was found in Oracle Database Enterprise Edition Recovery (Database Software) (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown function of the component EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	07/20/2022 08:15 AM	08/06/2022 02:47 PM	08/06/2022 02:50 PM
vendor	Oracle	Oracle	Oracle
name	Database Enterprise Edition Recovery	Database Enterprise Edition Recovery	Database Enterprise Edition Recovery
cve	CVE-2022-21511	CVE-2022-21511	CVE-2022-21511
component	EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT	EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT	EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_rc	C	C	C
cvss3_vuldb_rl	O	O	O
url	https://www.oracle.com/security-alerts/cpujul2022.html	https://www.oracle.com/security-alerts/cpujul2022.html	https://www.oracle.com/security-alerts/cpujul2022.html
date	1658181600 (07/19/2022)	1658181600 (07/19/2022)	1658181600 (07/19/2022)
identifier	Oracle Critical Patch Update Advisory - July 2022	Oracle Critical Patch Update Advisory - July 2022	Oracle Critical Patch Update Advisory - July 2022
date	1658181600 (07/19/2022)	1658181600 (07/19/2022)	1658181600 (07/19/2022)
name	Upgrade	Upgrade	Upgrade
type	Database Software	Database Software	Database Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	8.3	8.3	8.3
cvss2_vuldb_tempscore	7.2	7.2	7.2
cvss3_vuldb_basescore	7.2	7.2	7.2
cvss3_vuldb_tempscore	6.9	6.9	6.9
cvss3_meta_basescore	7.2	7.2	7.2
cvss3_meta_tempscore	6.9	6.9	7.0
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve_assigned		1636930800 (11/15/2021)	1636930800 (11/15/2021)
cve_nvd_summary		Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).	Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			H
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			H
cvss3_cna_i			H
cvss3_cna_a			H
cve_cna			Oracle
cvss3_cna_basescore			7.2

◂ Previous Overview Next ▸