Oracle Database Critical Patch And Security Update January 2021
Description
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Please review our previous Critical Patch Update advisories for more information regarding earlier published security fixes.
Oracle Database Product Critical Patch Summary
This Critical Patch Update contains 8 new security patches for Oracle Database Server Products:
- New security patches for Oracle Database Products:
- Oracle Database 12.1.0.2
- Oracle Database 12.2.0.1
- Oracle Database 18c
- Oracle Database 19c
- Oracle Database 20.2
Oracle Database Server Risk Matrix
| CVE# | Component | Package and/or Privilege Required | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.0 RISK | Supported Versions Affected | Notes | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confid- entiality | Inte- grity | Avail- ability | |||||||
| CVE-2021-2035 | RDBMS Scheduler | Export Full Database | Oracle Net | No | 8.8 | Network | Low | Low | None | Un- changed |
High | High | High | 12.1.0.2, 12.2.0.1, 18c, 19c | |
| CVE-2021-2018 | Advanced Networking Option | None | Oracle Net | Yes | 8.3 | Network | High | None | Required | Changed | High | High | High | 18c, 19c | See Note 1 |
| CVE-2021-2054 | RDBMS Sharding | Create Any Procedure, Create Any View, Create Any Trigger | Oracle Net | No | 7.2 | Network | Low | High | None | Un- changed |
High | High | High | 12.2.0.1, 18c, 19c | |
| CVE-2021-2116 | Oracle Application Express Opportunity Tracker | Valid User Account | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | Prior to 20.2 | |
| CVE-2021-2117 | Oracle Application Express Survey Builder | Valid User Account | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | Prior to 20.2 | |
| CVE-2021-1993 | Java VM | Create Session | Oracle Net | No | 4.8 | Network | High | Low | Required | Un- changed |
None | High | None | 12.1.0.2, 12.2.0.1, 18c, 19c | |
| CVE-2021-2045 | Oracle Text | Create Session | Oracle Net | No | 3.1 | Network | High | Low | None | Un- changed |
None | None | Low | 12.1.0.2, 12.2.0.1, 18c, 19c | |
| CVE-2021-2000 | Unified Audit | SYS Account | Oracle Net | No | 2.4 | Network | Low | High | Required | Un- changed |
None | Low | None | 12.1.0.2, 12.2.0.1, 18c, 19c | |
Notes:
- CVE-2021-2018 affects Windows Platforms only
Additional patches are included in this Critical Patch Update for the following non-exploitable CVE's in this Oracle product family:
- Perl: CVE-2020-10878, CVE-2020-10543 and CVE-2020-12723.
Further Help and Assistance
For further advice about Oracle Critical Patch Updates, including installation planning and consultancy services, please contact one of our pre-sales technical team on 0330 332 6223 or visit our website nlightn-IT
Share this article
Latest Articles
- 22 October 2021
Oracle Database Critical Patch And Security Update October 2021 - 22 July 2021
Oracle Database Critical Patch And Security Update July 2021 - 26 April 2021
Oracle Database Critical Patch And Security Update April 2021 - 22 January 2021
Oracle Database Critical Patch And Security Update January 2021 - 27 October 2020
Oracle Database Critical Patch And Security Update October 2020 - 16 July 2020
Oracle Database Critical Patch And Security Update July 2020 - 15 April 2020
Oracle Database Critical Patch And Security Update April 2020 - 23 January 2020
Oracle Database Critical Patch And Security Update January 2020 - 16 October 2019
Oracle Database Critical Patch And Security Update October 2019 - 17 July 2019
Oracle Database Critical Patch And Scurity Update July 2019
