Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2021-35576

Published: 20/10/2021 Updated: 24/02/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 2.7 | Impact Score: 1.4 | Exploitability Score: 1.2
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Oracle

Vulnerability Summary

Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle database server 12.1.0.2

oracle database server 12.2.0.1

oracle database server 19c

Exploits

Exploit DB: Oracle Unified Audit Policy Bypass
Oracle versions 12102, 12201, and 19c suffer from a Unified Audit Policy bypass vulnerability ...
Exploit DB: Oracle Database Vault Metadata Exposure
Oracle Database versions 12102, 12201, 18c, and 19c suffer from a vault metadata exposure vulnerability ...

Github Repositories

https://github.com/emad-almousa/CVE-2021-35576

CVE-2021-35576

CVE-2021-35576 CVE-2021-35576 Security Vulnerability to bypass Oracle Unified Audit, details of Proof Of Concept is published here: databasesecurityninjawordpresscom/2022/06/11/cve-2021-35576-bypassing-unified-audit-policy/ CVE details: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2021-35576

References

NVD-CWE-noinfohttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://databasesecurityninja.wordpress.com/2022/06/11/cve-2021-35576-bypassing-unified-audit-policy/http://packetstormsecurity.com/files/170354/Oracle-Unified-Audit-Policy-Bypass.htmlhttp://packetstormsecurity.com/files/170373/Oracle-Database-Vault-Metadata-Exposure.htmlhttps://nvd.nist.govhttps://github.com/emad-almousa/CVE-2021-35576https://packetstormsecurity.com/files/170354/Oracle-Unified-Audit-Policy-Bypass.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook