Vulnerability in Oracle Database Sharding Component of Oracle Database Server
CVE-2023-22074

2.4 LOW

Key Information:

Vendor
Oracle
CVE Published:
17 October 2023

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

This vulnerability is in the Oracle Database Sharding component of Oracle Database Server. A high-privileged attacker who holds the 'Create Session' and 'Select Any Dictionary' privileges and has network access via Oracle Net can compromise the component. Successful exploitation requires interaction from an unauthorized user and can result in a partial denial of service, impacting the availability of the Oracle Database Sharding component. Affected versions are 19.3 to 19.20 and 21.3 to 21.11.

Affected Version(s)

Database - Enterprise Edition 19.3 <= 19.20

Database - Enterprise Edition 21.3 <= 21.11

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
