Vulnerability in Oracle Database RDBMS Security Component Affecting Oracle Database Server
CVE-2023-21829

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 18 January 2023

Summary

A vulnerability exists in the RDBMS Security component of Oracle Database Server that could allow a low-privileged attacker with Create Session privilege to compromise the security of the database. Exploitation requires the attacker to manipulate the targeted environment, necessitating human interaction from a third party. This issue may lead to unauthorized actions including creation, modification, or deletion of sensitive data within Oracle Database RDBMS Security, as well as unauthorized read access to certain accessible data.

Affected Version(s)

Database - Enterprise Edition 19c

Database - Enterprise Edition 21c

References

https://www.oracle.com/security-alerts/cpujan2023.html

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Dec 17, 2022