CVE-2023-22075

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).

CVSS v3.0 2.4 LOW

2.4^/10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuoct2023.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:database_server:::::enterprise:::*
	cpe:2.3:a:oracle:database_server:::::enterprise:::*

History

23 Oct 2023, 18:23

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:database_server:::::enterprise:::*
CWE		NVD-CWE-noinfo
First Time		Oracle Oracle database Server
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2023.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2023.html - Patch, Vendor Advisory

18 Oct 2023, 01:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-17 22:15

Updated : 2023-10-23 18:23

NVD link : CVE-2023-22075

Mitre link : CVE-2023-22075

JSON object : View

Products Affected

oracle

database_server

CWE

NVD-CWE-noinfo

2.4 /10