CVE-2026-21977
Unauthorized Read Access via Network in Oracle ZDLRA Security
Publication date: 2026-01-20
Last updated on: 2026-01-20
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | zero_data_loss_recovery_appliance_software | From 23.1.0 (inc) to 23.1.202509 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Zero Data Loss Recovery Appliance Software. It is difficult to exploit and allows an unauthenticated attacker with network access via Oracle Net to potentially compromise the software. However, successful exploitation requires human interaction from someone other than the attacker. If exploited, it can lead to unauthorized read access to some of the data accessible by the software.
How can this vulnerability impact me?
The impact of this vulnerability is unauthorized read access to a subset of data within the Oracle Zero Data Loss Recovery Appliance Software. This means sensitive information could be exposed without authorization, although the attack is difficult to execute and requires user interaction.