Oracle Java VM 12.1.0.2/19c/21c Create Procedure unknown vulnerability

A vulnerability was found in Oracle Java VM 12.1.0.2/19c/21c (Programming Language Software). It has been rated as critical. This issue affects an unknown functionality of the component Create Procedure. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	07/20/2022 08:15 AM	08/06/2022 02:51 PM	08/06/2022 02:55 PM
vendor	Oracle	Oracle	Oracle
name	Java VM	Java VM	Java VM
cve	CVE-2022-21565	CVE-2022-21565	CVE-2022-21565
component	Create Procedure	Create Procedure	Create Procedure
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	N	N	N
version	12.1.0.2/19c/21c	12.1.0.2/19c/21c	12.1.0.2/19c/21c
cvss3_vuldb_rc	C	C	C
cvss3_vuldb_rl	O	O	O
url	https://www.oracle.com/security-alerts/cpujul2022.html	https://www.oracle.com/security-alerts/cpujul2022.html	https://www.oracle.com/security-alerts/cpujul2022.html
date	1658181600 (07/19/2022)	1658181600 (07/19/2022)	1658181600 (07/19/2022)
identifier	Oracle Critical Patch Update Advisory - July 2022	Oracle Critical Patch Update Advisory - July 2022	Oracle Critical Patch Update Advisory - July 2022
date	1658181600 (07/19/2022)	1658181600 (07/19/2022)	1658181600 (07/19/2022)
name	Upgrade	Upgrade	Upgrade
type	Programming Language Software	Programming Language Software	Programming Language Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	5.9	5.9	5.9
cvss3_vuldb_basescore	6.5	6.5	6.5
cvss3_vuldb_tempscore	6.2	6.2	6.2
cvss3_meta_basescore	6.5	6.5	6.5
cvss3_meta_tempscore	6.2	6.2	6.3
price_0day	$25k-$100k	$25k-$100k	$25k-$100k
price_trend	-	-	-
cve_assigned		1636930800 (11/15/2021)	1636930800 (11/15/2021)
cve_nvd_summary		Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).	Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			H
cvss3_cna_a			N
cve_cna			Oracle
cvss3_cna_basescore			6.5

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!