Java VM Vulnerability in Oracle Database Server Affects Multiple Versions
CVE-2023-21934

6.8MEDIUM

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 18 April 2023

Summary

A vulnerability exists in the Java VM component of Oracle Database Server that affects versions 19c and 21c. It can be exploited by an attacker with User Account privilege who has network access via TLS. Exploitation enables the attacker to perform unauthorized actions, including the creation, deletion, or modification of critical data accessible through the Java VM. The vulnerability poses significant risks, as it could lead to unauthorized access to sensitive information and compromise the integrity and confidentiality of data managed by the Java VM.

Affected Version(s)

Database - Enterprise Edition 19c

Database - Enterprise Edition 21c

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022