Home > Vulnerability Database > CVE-2023-21893

Mend.io Vulnerability Database

CVE-2023-21893

Good to know:

Date: January 17, 2023

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Language: C#

Severity Score

7.5

Related Resources (3)

Url: https://www.oracle.com/security-alerts/cpujan2023.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-21893

Url: https://www.mend.io/vulnerability-database/CVE-2023-21893

Severity Score

7.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version Oracle.ManagedDataAccess - 19.18.0,21.9.0, Oracle.ManagedDataAccess.Core - 2.19.180,3.21.90

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-21893

Good to know:

Date: January 17, 2023

Language: C#

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?