Vulnerability in Oracle Database Data Redaction Component
CVE-2023-21827

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 18 January 2023

Summary

A vulnerability has been identified in the Oracle Database Data Redaction component, which impacts versions 19c and 21c of the Oracle Database Server. This vulnerability can be exploited by a low privileged attacker with network access and Create Session privileges via Oracle Net. Successful exploitation enables unauthorized read access to sensitive data within the database's data redaction framework, potentially exposing confidential information.

Affected Version(s)

Database - Enterprise Edition 19c

Database - Enterprise Edition 21c

References

https://www.oracle.com/security-alerts/cpujan2023.html

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Dec 17, 2022