Java VM Vulnerability in Oracle Database Server Affecting Multiple Versions
CVE-2022-39419

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 18 October 2022

Summary

This vulnerability impacts the Java VM component of Oracle Database Server, specifically affecting the 19c and 21c versions. It enables a low privileged attacker with 'Create Procedure' privileges, who has network access via Oracle Net, to compromise Java VM. Exploiting this vulnerability could allow unauthorized read access to certain data accessible through Java VM, posing a risk to data confidentiality.

Affected Version(s)

Database - Enterprise Edition 19c

Database - Enterprise Edition 21c

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Sep 2, 2022