Unrated severityNVD Advisory· Published Apr 22, 2021· Updated Sep 26, 2024

CVE-2021-2173

Description

Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A high-privileged DBA attacker can exploit a vulnerability in Oracle Database Recovery to read unauthorized data, affecting additional products.

Vulnerability

The vulnerability resides in the Recovery component of Oracle Database Server. Affected versions include 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability is easily exploitable and requires a high-privileged attacker with DBA Level Account privilege and network access via Oracle Net. [1]

Exploitation

An attacker with DBA-level credentials can exploit this vulnerability over the network using Oracle Net. The exploitation does not require user interaction. A public proof-of-concept is available in the referenced repository [1].

Impact

Successful exploitation allows unauthorized read access to a subset of Recovery accessible data. The attack may also impact additional products beyond Recovery (scope change). The confidentiality impact is low, with no impact on integrity or availability.

Mitigation

No mitigation details are provided in the available references. [1] does not include a patch or workaround.

References

GitHub - emad-almousa/CVE-2021-2173: CVE-2021-2173

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Oracle Corporation/Oracle Database Serverllm-fuzzy
Range: 12.1.0.2, 12.2.0.1, 18c, 19c
Oracle Corporation/Oracle Database - Enterprise Editioncpe-rescue
Range: 12.1.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000