Oracle Database Server RDBMS DataPump Vulnerability

By GIXnews

A vulnerability in the RDBMS DataPump component of Oracle Database Server could allow an authenticated, remote attacker with high privileges to compromise the affected software completely on a targeted system.

The vulnerability is due to improper input validation that is performed by the affected software. An attacker with network access to the system via Oracle Net could exploit the vulnerability by submitting malicious input to the affected software. A successful exploit could allow the attacker to compromise the affected software completely.

Oracle confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-2571

Source:: Cisco Multivendor Vulnerability Alerts