PT-2023-6197 · Oracle · Oracle Database Server

Emad Al-Mousa · Published 2023-10-17 · Updated 2024-02-01 · CVE-2023-22074

CVSS v2.0: 3.3 (Low)

Vector: AV:N/AC:L/Au:M/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Database Server versions 19.3 through 19.20
Oracle Database Server versions 21.3 through 21.11

Description

The issue is related to insufficient input validation in the Database Sharding component of Oracle Database Server. This can be exploited by a remote attacker to cause a partial denial of service. The attack requires human interaction from a person other than the attacker and can be carried out by a high-privileged attacker with Create Session and Select Any Dictionary privileges via Oracle Net. Successful exploitation can result in unauthorized ability to cause a partial denial of service of Oracle Database Sharding.

Recommendations

For Oracle Database Server versions 19.3 through 19.20, update to a version outside of this range to mitigate the risk. For Oracle Database Server versions 21.3 through 21.11, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Database Sharding component until a patch is available.
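
An audit a defender can run alongside these recommendations, added here as an example and not part of the original advisory or Oracle's guidance: it reports the installed release and lists accounts that hold both privileges named in the description, directly or through roles. It assumes read access to V$INSTANCE and the DBA_* dictionary views; grants made to PUBLIC are not expanded.

```sql
-- Added example (not from the advisory). Run as a user that can read
-- V$INSTANCE and the DBA_* dictionary views.

-- 1. Installed release, to compare with the affected ranges
--    19.3 through 19.20 and 21.3 through 21.11.
SELECT version_full FROM v$instance;

-- 2. Users that hold CREATE SESSION and SELECT ANY DICTIONARY,
--    either granted directly or inherited through (nested) roles.
WITH priv_holders AS (
    -- Users or roles that were granted one of the two privileges directly.
    SELECT grantee, privilege
    FROM   dba_sys_privs
    WHERE  privilege IN ('CREATE SESSION', 'SELECT ANY DICTIONARY')
),
role_tree AS (
    -- Every (grantee, role) pair, following role-to-role grants.
    SELECT CONNECT_BY_ROOT grantee AS grantee, granted_role
    FROM   dba_role_privs
    CONNECT BY NOCYCLE PRIOR granted_role = grantee
),
effective AS (
    SELECT grantee, privilege FROM priv_holders
    UNION
    SELECT t.grantee, p.privilege
    FROM   role_tree t
    JOIN   priv_holders p ON p.grantee = t.granted_role
)
SELECT u.username, u.account_status, u.oracle_maintained
FROM   dba_users u
JOIN   effective e ON e.grantee = u.username
GROUP  BY u.username, u.account_status, u.oracle_maintained
HAVING COUNT(DISTINCT e.privilege) = 2   -- both privileges present
ORDER  BY u.oracle_maintained, u.username;
-- Caveat: privileges granted to PUBLIC apply to every user and are not
-- expanded here; check dba_sys_privs for grantee = 'PUBLIC' separately.
```

Rows with ORACLE_MAINTAINED = 'N' are the application and personal accounts to review first when reducing who can reach the affected component.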

Related Identifiers

BDU:2023-06906
CVE-2023-22074

Affected Products

Oracle Database Server