CVE-2023-21893

CWE-284Improper Access Control10 documents9 sources
Severity
7.5HIGH
EPSS
1.1%
top 22.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Data Provider FOR .netOracle Database Server
Timeline
PublishedJan 18

Description

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database clie

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

NVDoracle/database_server19c, 21c+1
NuGetOracle.ManagedDataAccess21.0.021.9.0+1
NuGetOracle.ManagedDataAccess.Core3.21.03.21.90+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
OSV
Component takeover in Oracle Data Provider for .NET2023-01-18
GHSA
Component takeover in Oracle Data Provider for .NET2023-01-18
CVEList
CVE-2023-21893: Vulnerability in the Oracle Data Provider for2023-01-17

📋Vendor Advisories

1
Oracle
Oracle Oracle Database Server Risk Matrix: Oracle Data Provider for .NET — CVE-2023-218932023-01-15
CVE-2023-21893 (HIGH CVSS 7.5) | Vulnerability in the Oracle Data Pr | cvebase.io