CVE-2023-21918

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 19c through 21c

Description The issue exists due to insufficient input validation in the Oracle Database Recovery Manager component of Oracle Database Server. This can be exploited by a remote attacker to cause a denial of service. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of Oracle Database Recovery Manager, which may significantly impact additional products.

Recommendations For versions 19c and 21c, apply the necessary patches or updates to fix the vulnerability in the Oracle Database Recovery Manager component. As a temporary workaround, consider restricting network access via Oracle Net to minimize the risk of exploitation. Restrict Local SYSDBA privilege to prevent high privileged attackers from compromising Oracle Database Recovery Manager.