5.3
CVE-2026-21999
- EPSS 0.24%
- Veröffentlicht 21.04.2026 20:34:59
- Zuletzt bearbeitet 08.07.2026 03:27:15
- Quelle secalert_us@oracle.com
- CVE-Watchlists
- Unerledigt
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Xml Database Version >= 23.4 <= 23.26.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.154 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert_us@oracle.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://www.oracle.com/security-alerts/cpuapr2026.html