CVE-2021-35551: 
Oracle Database Server vulnerability analysis and mitigation

CVE-2021-35551 is a security vulnerability discovered in the RDBMS Security component of Oracle Database Server, affecting versions 12.2.0.1, 19c, and 21c. The vulnerability was disclosed in Oracle's October 2021 Critical Patch Update. This security flaw allows high-privileged attackers with DBA privileges to potentially compromise RDBMS Security through network access via Oracle Net (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.5, indicating moderate severity with Integrity and Availability impacts. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H), which indicates that the vulnerability is network-accessible, requires low attack complexity, but needs high privileges to exploit. No user interaction is required for exploitation (NVD).

Successful exploitation of this vulnerability can result in two primary impacts: unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security, and unauthorized update, insert or delete access to some of RDBMS Security accessible data (Oracle Advisory).

Oracle has released security patches for the affected versions (12.2.0.1, 19c, and 21c) as part of their October 2021 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible due to the threat posed by successful attacks (Oracle Advisory).