Description

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Remediation

References

CVE-2019-2913

Related Vulnerabilities

PHP Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2023-0567)

WordPress Plugin WP-SpamFree Anti-Spam Cross-Site Scripting (2.1.1.6)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-45038)

WordPress Plugin Accordion Shortcodes Cross-Site Scripting (2.4.2)

Java Denial of Service (DoS) Vulnerability (CVE-2018-2952)

Severity

Medium

Classification

CVE-2019-2913 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities