CVE-2023-22077

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 19.3 through 19.20 Oracle Database Server versions 21.3 through 21.11

Description The issue is related to insufficient input validation in the Oracle Database Recovery Manager component. This allows a high-privileged attacker with DBA account privilege and network access via Oracle Net to compromise the Oracle Database Recovery Manager. Successful attacks can result in the ability to cause a hang or frequently repeatable crash (complete DOS) of the Oracle Database Recovery Manager.

Recommendations For versions 19.3 through 19.20, update to a version outside of this range to mitigate the risk. For versions 21.3 through 21.11, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting network access via Oracle Net to minimize the risk of exploitation.