
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-39419 is a vulnerability in the Java VM component of Oracle Database Server, affecting versions 19c and 21c. It was disclosed in October 2022 as part of Oracle's Critical Patch Update. It is characterized as an easily exploitable vulnerability that allows a low-privileged attacker with the Create Procedure privilege and network access via Oracle Net to compromise Java VM (Oracle CPU).
The vulnerability has been assigned a CVSS 3.1 Base Score of 4.3, with the impact falling primarily on confidentiality. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating a network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and low confidentiality impact with no impact on integrity or availability (NVD).
Successful exploitation of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. The impact is limited to confidentiality breaches, with no reported effects on system integrity or availability (Oracle CPU).
Oracle has released security patches for the affected versions (19c and 21c) as part of the October 2022 Critical Patch Update. Organizations are strongly advised to apply these security patches without delay to address the vulnerability (Oracle CPU).
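The preconditions described above (Java VM present, an account holding Create Procedure, patch level) can be checked with read-only dictionary queries. The following is an added example, not taken from Oracle's advisory or this database entry; it assumes a session that can read the DBA_* views, and including CREATE ANY PROCEDURE alongside the named privilege is an assumption.

```sql
-- Added example: read-only exposure triage for CVE-2022-39419.
-- Assumption: the session can query the DBA_* dictionary views.

-- 1. Is the Java VM component installed in this database?
--    No row returned means the affected component is not present.
SELECT comp_id, comp_name, version, status
FROM   dba_registry
WHERE  comp_id = 'JAVAVM';

-- 2. Who holds the precondition privilege directly?
--    CREATE ANY PROCEDURE is included as the broader form (assumption:
--    the advisory names only "Create Procedure").
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE PROCEDURE', 'CREATE ANY PROCEDURE')
ORDER  BY grantee, privilege;

-- 3. Which open accounts inherit it through a role, including nested roles?
SELECT DISTINCT u.username, r.granted_role
FROM   dba_users u
JOIN  (SELECT CONNECT_BY_ROOT grantee AS root_grantee, granted_role
       FROM   dba_role_privs
       CONNECT BY NOCYCLE PRIOR granted_role = grantee) r
       ON r.root_grantee = u.username
WHERE  u.account_status = 'OPEN'
AND    r.granted_role IN (SELECT grantee
                          FROM   dba_sys_privs
                          WHERE  privilege IN ('CREATE PROCEDURE',
                                               'CREATE ANY PROCEDURE'))
ORDER  BY u.username;

-- 4. Patch history, to compare against the October 2022 Critical Patch Update.
SELECT patch_id, action, status, action_time, description
FROM   dba_registry_sqlpatch
ORDER  BY action_time;
```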
Source: This report was generated using AI