Home

CVE-2022-21393

Description

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.435

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Oracle 12.1.0.2Windows
Multiple Vulnerabilities are affected in Oracle 12.2.0.1Windows
Multiple Vulnerabilities are affected in Oracle 19cWindows
Vulnerabilities CVE-2022-21393,CVE-2023-21893 are affected in Oracle 21cWindows
Multiple Vulnerabilities are affected in Oracle Database Server 19cWindows
Multiple Vulnerabilities are affected in Oracle Database Server 12.1.0.2Windows
Multiple Vulnerabilities are affected in Oracle Database Server 12.2.0.1Windows
Vulnerabilities CVE-2022-21393,CVE-2023-21893 are affected in Oracle Database Server 21cWindows
Vulnerabilities CVE-2019-10219,CVE-2022-21393,CVE-2023-21893 are affected in Oracle 21cWindows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234