VDB
CVE-2021-2438
CVE-2021-2438
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
EPSS 0.31% · 54.9th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.31%
54.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | Database - Enterprise Edition | 12.1.0.2, 19c, 12.2.0.1 |
| oracle | java_virtual_machine | *, 12.2.0.1, 12.1.0.2 |
Exploit Intelligence
- https://www.oracle.com/security-alerts/cpujul2021.html (circl)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
Timeline
- Jul 20, 2021 CVE Published
- Jul 21, 2021 EPSS Score
- Sep 18, 2021 EPSS Score
- Nov 17, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 16, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 14, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 11, 2022 EPSS Score
- Nov 9, 2022 EPSS Score