News flash
On January 19, 2021, Oracle issued its first security alert of the year. Among them, 8 security alerts concern Oracle Database.
At present, these security vulnerabilities can be fixed by applying the latest CPU patch.
The 8 security vulnerabilities are described below:
The vulnerability can be exploited remotely without authentication: intruders can exploit it over the network and do not need user credentials. The risk score given is 8.3. However, this attack has high complexity, and it only affects
The attack goes through the database Scheduler component and requires the Export Full Database
privilege. Keeping this privilege under control reduces the risk. The risk score is as high as 8.8. The fix is to review the database's privileges, or to apply the patch.
The vulnerability is related to the Sharding component. Most individual users are unlikely to use it, and users who do not use distributed components can also ignore it.
CVE-2021-2116 and CVE-2021-2116
The vulnerability is related to Oracle Apex and can be attacked over the HTTP protocol. Prevention: manage accounts well. The risk is small.
The vulnerability is related to the Java JVM and is a continuation of the previous series of deserialization vulnerabilities. It can be prevented by restricting privileges on the Package, or by applying the patch.
The vulnerability is related to the Text component. Most users should not have this option. It is also recommended that, when installing the database, unused components not be selected for installation.
The vulnerability is related to the Unified Audit feature. The privilege requirements are very high, so the risk is the lowest, with a score of 2.4.
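
The privilege review recommended for the Scheduler item and the unused-component advice for the Text item can be checked with the queries below. This is an added example, not part of the original alert. It assumes the "Export Full Database" privilege corresponds to the standard EXP_FULL_DATABASE role, that the session can read the DBA_* dictionary views, and that the Java VM, Text and Apex options appear in DBA_REGISTRY under the IDs JAVAVM, CONTEXT and APEX.

```sql
-- Added example: run as a user with access to the DBA_* views.

-- 1) Accounts holding EXP_FULL_DATABASE, directly or through nested roles
--    (for example via DBA). grant_path shows the chain of roles that
--    leads from the account back to EXP_FULL_DATABASE.
WITH holders AS (
  SELECT grantee,
         LEVEL AS depth,
         SYS_CONNECT_BY_PATH(granted_role, ' <- ') AS grant_path
  FROM   dba_role_privs
  START WITH granted_role = 'EXP_FULL_DATABASE'
  CONNECT BY NOCYCLE PRIOR grantee = granted_role
)
SELECT h.grantee,
       u.account_status,
       h.depth,
       h.grant_path
FROM   holders h
JOIN   dba_users u ON u.username = h.grantee   -- keep users, drop intermediate roles
ORDER  BY h.depth, h.grantee;

-- 2) Optional components named in the alert that are installed in this
--    database. A component that is installed but unused is a candidate
--    for removal or for prioritised patching.
SELECT comp_id,
       comp_name,
       version,
       status
FROM   dba_registry
WHERE  comp_id IN ('JAVAVM', 'CONTEXT', 'APEX')
ORDER  BY comp_id;
```

Rows from the first query with an OPEN account status and no operational need for full exports are the ones to revoke first.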
The specific risks are listed below: