CVE-2023-22052

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
References
Link Resource
https://www.oracle.com/security-alerts/cpujul2023.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*

History

27 Jul 2023, 17:34

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
References (MISC) https://www.oracle.com/security-alerts/cpujul2023.html - (MISC) https://www.oracle.com/security-alerts/cpujul2023.html - Patch, Vendor Advisory
CWE NVD-CWE-noinfo

18 Jul 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-18 21:15

Updated : 2024-02-05 00:01


NVD link : CVE-2023-22052

Mitre link : CVE-2023-22052

CVE.ORG link : CVE-2023-22052


JSON object : View

Products Affected

oracle

  • database_server