CVE-2021-38475

High

9/10

Summary

The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

References

Advisory Timeline

Published Oct 22, 2021