CVE-2021-35576: 
Oracle Database Server vulnerability analysis and mitigation

CVE-2021-35576 is a vulnerability in the Oracle Database Enterprise Edition Unified Audit component affecting Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability was disclosed and patched in Oracle's Critical Patch Update of October 2021. This security flaw allows high-privileged attackers with Local Logon privilege and network access via Oracle Net to compromise the Oracle Database Enterprise Edition Unified Audit component (Oracle CPU Oct 2021, NVD).

The vulnerability enables a complete bypass of configured audit policies/rules that should be honored and recorded. When the database is in upgrade mode, the auditing facility only captures default audit policies such as ORASECURECONFIG and ORALOGONFAILURES, but fails to record custom audit policies. This allows privileged users to view audited sensitive tables without leaving any trace in the UNIFIEDAUDIT_TRAIL view. The vulnerability has a CVSS 3.1 Base Score of 2.7 (Integrity impacts) with the vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N (Database Security Ninja, NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert, or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. More critically, it allows privileged users to bypass audit logging mechanisms, potentially enabling unauthorized access to sensitive data without leaving an audit trail (NVD).

Oracle addressed this vulnerability in the October 2021 Critical Patch Update. Organizations should apply the security patches provided in this update to affected Oracle Database Server versions (12.1.0.2, 12.2.0.1, and 19c). It is strongly recommended to keep systems updated with the latest security patches to prevent exploitation (Oracle CPU Oct 2021).