Exploitable Vulnerability in Oracle Database Sharding Component by Oracle Corporation
CVE-2023-22075

2.4LOW

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 17 October 2023

What is CVE-2023-22075?

An exploitable vulnerability exists within the Oracle Database Sharding component of the Oracle Database Server. This vulnerability affects various versions and can be exploited by high-privileged attackers with specific privileges, including 'Create Session' and 'Select Any Table'. Attackers must have network access and require human interaction from a user other than the attacker to successfully exploit this vulnerability. Successful exploitation can lead to unauthorized actions resulting in potential partial denial of service for the affected Oracle Database Sharding component.

Affected Version(s)

Database - Enterprise Edition 19.3 <= 19.20

Database - Enterprise Edition 21.3 <= 21.11

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022