Installation Vulnerability in Oracle SQL Developer
CVE-2023-21969

6.7MEDIUM

Key Information:

Vendor: Oracle
Status: Sql Developer
Vendor: CVE Published:; 18 April 2023

Summary

An installation vulnerability has been identified in Oracle SQL Developer, allowing an attacker with elevated privileges to leverage their access to compromise the system. If exploited, this vulnerability could enable the attacker to take full control over Oracle SQL Developer, which poses significant risks to data integrity and security. Organizations using versions prior to 23.1.0 are advised to take immediate action to mitigate potential impacts. For further details, visit Oracle's advisory.

Affected Version(s)

SQL Developer * < 23.1.0

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022