CVE-2023-21949

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 19.3 through 19.19 Oracle Database Server versions 21.3 through 21.10

Description The issue is related to insufficient input validation in the Advanced Networking Option component of Oracle Database Server. It allows an unauthenticated attacker with network access via Oracle Net to compromise the Advanced Networking Option, resulting in unauthorized update, insert, or delete access to some of the accessible data. The exploitation of this issue is considered difficult.

Recommendations For versions 19.3 through 19.19, update to a version outside of this range to resolve the issue. For versions 21.3 through 21.10, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Advanced Networking Option component to minimize the risk of exploitation.