CVE-2023-21893

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
Link Resource
https://www.oracle.com/security-alerts/cpujan2023.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:21c:*:*:*:*:*:*:*

History

17 Sep 2024, 14:35

Type Values Removed Values Added
CWE CWE-284

Information

Published : 2023-01-18 00:15

Updated : 2024-09-17 14:35


NVD link : CVE-2023-21893

Mitre link : CVE-2023-21893

CVE.ORG link : CVE-2023-21893


JSON object : View

Products Affected

oracle

  • database_server
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control