CVE-2023-22071: Corporation PL SQL vulnerability

5 documents, 5 sources
Severity: 5.9 MEDIUM (NVD)
EPSS: 0.1% (top 83.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 17; Latest update Oct 18

Description

Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope cha

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Exploitability: 1.7 | Impact: 3.7

Affected Packages (2 packages)

NVD | oracle/database_server | 19.3 | 19.20 | +1
CVEListV5 | oracle_corporation/pl_sql | 19.3 | 19.20 | +1

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-474m-7m4r-wvgh: Vulnerability in the PL/SQL component of Oracle Database Server (2023-10-18)
CVEList
CVE-2023-22071: Vulnerability in the PL/SQL component of Oracle Database Server (2023-10-17)

📋 Vendor Advisories (1)

Oracle
Oracle Database Server Risk Matrix: PL/SQL — CVE-2023-22071 (2023-10-15)

🕵️ Threat Intelligence (1)

Bleepingcomputer
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (2023-10-03)