CVE-2023-22096

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 19.3 through 19.20 Oracle Database Server versions 21.3 through 21.11

Description The issue is related to insufficient input validation in the Java VM component of Oracle Database Server. This allows a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net to compromise the Java VM, resulting in unauthorized update, insert, or delete access to some Java VM accessible data.

Recommendations For versions 19.3 through 19.20, update to a version outside of this range to resolve the issue. For versions 21.3 through 21.11, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Java VM component until a patch is available. Restrict network access via Oracle Net to minimize the risk of exploitation.