Learn about CVE-2021-35558 affecting Oracle Database Server versions 12.1.0.2, 12.2.0.1, 19c, and 21c. Understand impact, technical details, and mitigation steps.
The Core RDBMS component of Oracle Database Server is affected by a vulnerability that allows low-privileged attackers to compromise the system. This CVE affects versions 12.1.0.2, 12.2.0.1, 19c, and 21c, potentially leading to a partial denial of service.
Understanding CVE-2021-35558
This section will delve into the specifics of the CVE-2021-35558 vulnerability.
What is CVE-2021-35558?
The vulnerability in the Core RDBMS component of Oracle Database Server allows low-privileged attackers holding specific privileges to compromise the system via network access, potentially resulting in a partial denial of service.
The Impact of CVE-2021-35558
Exploiting this vulnerability can let unauthorized individuals cause a partial denial of service of the Core RDBMS component.
Technical Details of CVE-2021-35558
Let's explore the technical aspects of CVE-2021-35558.
Vulnerability Description
The vulnerability in Oracle Database Server's Core RDBMS component can be exploited by attackers with Create Table privilege, leading to unauthorized access and potential denial of service.
Affected Systems and Versions
Versions 12.1.0.2, 12.2.0.1, 19c, and 21c of Oracle Database Server are affected by this vulnerability.
Exploitation Mechanism
Attackers with low privileges and network access via Oracle Net can exploit this vulnerability to compromise the Core RDBMS component.
Mitigation and Prevention
Learn how to mitigate and prevent the CVE-2021-35558 vulnerability.
Immediate Steps to Take
Immediate steps should include monitoring and restricting access to the affected systems.
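An audit query for the Create Table precondition described above, as an added example that is not part of the original advisory or of Oracle's own tooling: it lists the accounts that hold CREATE TABLE directly or through a chain of roles, which is the population to review when restricting access. It assumes a session that can read the DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS dictionary views; hiding Oracle-maintained accounts is a choice made for this example.

```sql
-- Added example, not from the advisory: who holds CREATE TABLE, and how?
-- Assumes SELECT access to the DBA_* dictionary views (e.g. a DBA session).
WITH priv_holders (grantee, via) AS (
    -- Anchor: users and roles granted the privilege directly.
    SELECT sp.grantee,
           CAST('DIRECT' AS VARCHAR2(128))
    FROM   dba_sys_privs sp
    WHERE  sp.privilege = 'CREATE TABLE'
    UNION ALL
    -- Recursive step: anyone granted a role that already carries it.
    SELECT rp.grantee,
           CAST(rp.granted_role AS VARCHAR2(128))
    FROM   dba_role_privs rp
    JOIN   priv_holders ph ON rp.granted_role = ph.grantee
)
SELECT DISTINCT
       ph.grantee,          -- account (or PUBLIC) that ends up with the privilege
       ph.via,              -- DIRECT, or the role through which it is inherited
       u.account_status     -- OPEN, LOCKED, EXPIRED ... (NULL for PUBLIC)
FROM   priv_holders ph
LEFT JOIN dba_users u ON u.username = ph.grantee
WHERE  ph.grantee = 'PUBLIC'                                  -- applies to everyone
   OR  (u.username IS NOT NULL AND u.oracle_maintained = 'N') -- real user accounts only
ORDER  BY ph.grantee, ph.via;
```

A row with grantee PUBLIC means every account inherits the privilege. Rows whose via column names a role show which role grant to revoke or narrow.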
Long-Term Security Practices
Implementing secure configurations, regular security assessments, and user access controls can enhance long-term security.
Patching and Updates
Ensure timely application of security patches and updates to protect against known vulnerabilities.