CVE-2023-21969

Name of the Vulnerable Software and Affected Versions Oracle SQL Developer versions prior to 23.1.0

Description The issue is related to insufficient input validation in the Installation component of Oracle SQL Developer, allowing a high-privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer. Successful attacks can result in the takeover of Oracle SQL Developer.

Recommendations For versions prior to 23.1.0, update to version 23.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Installation component until a patch is applied.