Java VM Vulnerability in Oracle Database Server
CVE-2022-39429

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 18 January 2023

Summary

A vulnerability exists in the Java VM component of Oracle Database Server that could be exploited by a low privileged attacker with the Create Procedure privilege. This vulnerability grants access through Oracle Net, enabling the attacker to compromise Java VM functionality. Successful exploitation may lead to unauthorized operations, resulting in a partial denial of service affecting the Java VM component. Supported versions affected by this issue include Oracle Database Server 19c and 21c.

Affected Version(s)

Database - Enterprise Edition 19c

Database - Enterprise Edition 21c

References

https://www.oracle.com/security-alerts/cpujan2023.html

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Sep 2, 2022