CVE-2021-2328

7.2 HIGH

📋 TL;DR

This vulnerability in Oracle Text allows high-privileged attackers with network access via Oracle Net to compromise the Oracle Text component. Successful exploitation can lead to complete takeover of Oracle Text, affecting confidentiality, integrity, and availability. Affected versions include Oracle Database Server 12.1.0.2, 12.2.0.1, and 19c.

💻 Affected Systems

Products:
  • Oracle Database Server
Versions: 12.1.0.2, 12.2.0.1, 19c
Operating Systems: All platforms running affected Oracle Database versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the attacker to hold the Create Any Procedure and Alter Any Table privileges and to have network access via Oracle Net.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Oracle Text component leading to data exfiltration, data manipulation, and service disruption across the database.

🟠 Likely Case

Privileged attackers with network access can execute arbitrary code within Oracle Text, potentially leading to database compromise.

🟢 If Mitigated

With proper network segmentation and least privilege access, impact is limited to isolated database components.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes this as 'easily exploitable', but exploitation requires high privileges. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Critical Patch Update for July 2021 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2021.html

Restart Required: Yes

Instructions:

1. Download the appropriate Critical Patch Update from Oracle Support.
2. Apply the patch following Oracle's patching procedures.
3. Restart database services as required.

🔧 Temporary Workarounds

Network Access Restriction (all platforms)

Restrict network access to Oracle Database servers to only trusted sources

Use firewall rules to limit Oracle Net access to authorized IPs only

Privilege Reduction (all platforms)

Review and reduce Create Any Procedure and Alter Any Table privileges

REVOKE CREATE ANY PROCEDURE FROM <user>;
REVOKE ALTER ANY TABLE FROM <user>;

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Oracle Database servers
  • Apply principle of least privilege and audit all users with Create Any Procedure and Alter Any Table privileges
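The privilege audit recommended above can be run as a single dictionary query. This is an added example, not code from Oracle or from the original page: it lists every database user able to exercise both Create Any Procedure and Alter Any Table, whether granted directly or inherited through nested roles. It assumes read access to the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS views.

```sql
-- Added example: users holding BOTH privileges named in this advisory,
-- directly or through any chain of roles. In a multitenant database the
-- DBA_ views cover the current container only, so run it in each PDB.
WITH priv_holders (grantee, privilege, grant_path) AS (
    -- Anchor: direct grants of either privilege to a user or a role
    SELECT grantee,
           privilege,
           CAST('direct' AS VARCHAR2(4000))
    FROM   dba_sys_privs
    WHERE  privilege IN ('CREATE ANY PROCEDURE', 'ALTER ANY TABLE')
    UNION ALL
    -- Recursive step: whoever was granted a role that already holds it
    SELECT rp.grantee,
           ph.privilege,
           rp.granted_role || ' <- ' || ph.grant_path
    FROM   dba_role_privs rp
    JOIN   priv_holders ph
           ON rp.granted_role = ph.grantee
)
SELECT u.username,
       u.account_status,
       u.oracle_maintained,   -- 'Y' marks Oracle-supplied accounts (12.1 and later)
       LISTAGG(ph.privilege || ' (' || ph.grant_path || ')', '; ')
           WITHIN GROUP (ORDER BY ph.privilege) AS how_granted
FROM   priv_holders ph
JOIN   dba_users u
       ON u.username = ph.grantee      -- keeps users, drops bare roles
GROUP  BY u.username, u.account_status, u.oracle_maintained
HAVING COUNT(DISTINCT ph.privilege) = 2  -- both privileges are required
ORDER  BY u.oracle_maintained, u.username;
```

The how_granted column shows the role chain behind each privilege, so an inherited grant is revoked from the role (or the role from the user) rather than from the user directly.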

🔍 How to Verify

Check if Vulnerable:

Check the Oracle Database version and whether the July 2021 Critical Patch Update has been applied

Check Version:

SELECT * FROM v$version;

Verify Fix Applied:

Verify that the patch was applied using Oracle's opatch utility, then check the version

📡 Detection & Monitoring

Log Indicators:

  • Unusual CREATE PROCEDURE or ALTER TABLE activities
  • Failed privilege escalation attempts in audit logs

Network Indicators:

  • Unusual Oracle Net connections from unexpected sources
  • Suspicious database protocol traffic patterns

SIEM Query:

source="oracle_audit" AND (event_type="CREATE_PROCEDURE" OR event_type="ALTER_TABLE") AND user_privileges IN ("CREATE ANY PROCEDURE", "ALTER ANY TABLE")
