{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T01:42:03.035","vulnerabilities":[{"cve":{"id":"CVE-2021-2207","sourceIdentifier":"secalert_us@oracle.com","published":"2021-04-22T22:15:14.420","lastModified":"2024-11-21T06:02:37.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure where Oracle Database - Enterprise Edition executes to compromise Oracle Database - Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."},{"lang":"es","value":"Una vulnerabilidad en el componente Oracle Database - Enterprise Edition de Oracle Database Server. Las versiones compatibles que están afectadas son 12.1.0.2, 12.2.0.1, 18c y 19c. La vulnerabilidad fácilmente explotable permite a un atacante muy privilegiado contar con privilegios de ejecución RMAN con inicio de sesión en la infraestructura donde se ejecuta Oracle Database - Enterprise Edition comprometer a Oracle Database - Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Database - Enterprise Edition. CVSS 3.1 Puntuación Base 2.3 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)"}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"89FE33CE-5995-4C53-8331-B49156F852B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"46E7237C-00BD-4490-96C3-A8EAE4CE2C0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*","matchCriteriaId":"20352616-6BCA-485D-8DD7-DFC97AD6A30D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*","matchCriteriaId":"C1E05472-8F3A-4E46-90E5-50EA6D555FDC"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/174448/Oracle-RMAN-Missing-Auditing.html","source":"secalert_us@oracle.com"},{"url":"https://www.oracle.com/security-alerts/cpuapr2021.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/174448/Oracle-RMAN-Missing-Auditing.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}