CVE

CVE-2023-21829

Date: (C)2023-01-19   (M)2023-11-10

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 6.3		CVSS Score :
Exploit Score: 2.1		Exploit Score:
Impact Score: 4.2		Impact Score:
CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector:
Attack Complexity: LOW		Access Complexity:
Privileges Required: LOW		Authentication:
User Interaction: REQUIRED		Confidentiality:
Scope: UNCHANGED		Integrity:
Confidentiality: LOW		Availability:
Integrity: HIGH
Availability: NONE

Reference:

https://www.oracle.com/security-alerts/cpujan2023.html