Oracle Database

Oracle Database is tracked in NVD as oracle:database_server. Version criteria typically use numeric trains (e.g. 19.x, 21.x), not marketing labels like "19c". Map your release to the dotted numeric form NVD uses for range matching.

api usage

Querying Oracle Database

product slug: oracle_db
version format: 19.3.0.0, 21.5.0.0
```bash
curl "https://api.attestd.io/v1/check?product=oracle_db&version=19.3.0.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Oracle's Critical Patch Update (CPU) advisories cover a very broad set of issues, so the aggregate risk_state and fixed_version depend on synthesis over many overlapping version ranges. Reconcile the example JSON below with a live /v1/check response after ingestion.

```json
{
  "product": "oracle_db",
  "version": "19.3.0.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["remote_exploitable", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "19.18.0.0",
  "confidence": 0.78,
  "cve_ids": ["CVE-2023-21815"],
  "last_updated": "2026-04-03T00:00:00Z"
}
```
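An added example, not attestd's own client code: it normalizes a reported release string to the four-part form shown above, builds the /v1/check URL, and compares version against fixed_version numerically, because plain string comparison orders 19.3.0.0 after 19.18.0.0. The five-part input, the truncation to four parts and the function names are assumptions; the sample response is this page's example, trimmed.

```python
import json
import re
from urllib.parse import urlencode

API = "https://api.attestd.io/v1/check"  # endpoint shown on this page

# The page's example response, trimmed to the fields used here.
SAMPLE = json.loads("""{"product": "oracle_db", "version": "19.3.0.0",
  "risk_state": "high", "patch_available": true,
  "fixed_version": "19.18.0.0", "cve_ids": ["CVE-2023-21815"]}""")


def normalize(raw):
    """Reduce a dotted release string to the four-part form used on this page."""
    # Assumption: inventory reports two to five numeric parts, e.g. "19.3.0.0.0".
    if not re.fullmatch(r"\d+(\.\d+){1,4}", raw.strip()):
        # A marketing label such as "19c" carries no release-update number,
        # so it cannot be range-matched; fail instead of guessing.
        raise ValueError(f"not a dotted numeric version: {raw!r}")
    parts = raw.strip().split(".")[:4]
    parts += ["0"] * (4 - len(parts))
    return ".".join(str(int(p)) for p in parts)


def check_url(raw):
    """Build the /v1/check URL for an Oracle Database release."""
    query = urlencode({"product": "oracle_db", "version": normalize(raw)})
    return f"{API}?{query}"


def vtuple(version):
    """Numeric sort key: (19, 3, 0, 0) < (19, 18, 0, 0), unlike the strings."""
    return tuple(int(p) for p in version.split("."))


def needs_patch(resp):
    """True when the checked version is numerically below fixed_version."""
    fixed = resp.get("fixed_version")
    if not resp.get("patch_available") or not fixed:
        return False
    return vtuple(resp["version"]) < vtuple(fixed)


if __name__ == "__main__":
    print(check_url("19.3.0.0.0"))
    print("string compare says older:", "19.3.0.0" < "19.18.0.0")
    print("needs patch:", needs_patch(SAMPLE))
```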
cleaner line

Newer train

```bash
curl "https://api.attestd.io/v1/check?product=oracle_db&version=23.5.0.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
notable cves

CVE history

| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2024-21111 | Oracle Database Server component vulnerability (CPU advisory family). | 19c, 21c (see NVD) | 7.2 |
| CVE-2023-21815 | Oracle DB network protocol / listener adjacent issues. | 19.x | 8.2 |
| CVE-2022-21547 | Privilege escalation in RDBMS component. | 19.x, 21.x | 7.2 |
| CVE-2021-35597 | SQL injection class issue in Oracle JDBC/thin clients context. | see NVD | 8.1 |
| CVE-2020-14734 | Wide-impact Oracle quarterly CPU item for Database. | multiple | 7.2 |