Oracle Notification Server Unauth Access 19.3-21.11
CVE-2023-22073 Published on October 17, 2023
Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability Analysis
Products Associated with CVE-2023-22073
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-22073 are published in Oracle Database Server:
Affected Versions
Oracle Corporation Database - Enterprise Edition:- Version 19.3, <= 19.20 is affected.
- Version 21.3, <= 21.11 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.