CVE-2021-2207: 
Oracle Database Server vulnerability analysis and mitigation

CVE-2021-2207 is a vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server affecting versions 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability was disclosed in Oracle's April 2021 Critical Patch Update (Oracle Advisory). It allows high privileged attackers with RMAN executable privilege and local logon access to compromise Oracle Database - Enterprise Edition.

The vulnerability has a CVSS 3.1 Base Score of 2.3 (Low severity) with the following vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N. This indicates it requires local access (AV:L), low attack complexity (AC:L), high privileges (PR:H), no user interaction (UI:N), unchanged scope (S:U), with no impact to confidentiality (C:N), low impact to integrity (I:L), and no impact to availability (A:N) (Oracle Advisory).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data (Oracle Advisory).

Oracle has released patches for this vulnerability in their April 2021 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible to address this vulnerability (Oracle Advisory).