CVE-2023-21893
Oracle Database Server vulnerability analysis and mitigation

Overview

CVE-2023-21893 is a vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server, affecting versions 19c and 21c. The vulnerability was disclosed on January 17, 2023. This difficult-to-exploit vulnerability allows unauthenticated attackers with network access via TCPS to potentially compromise Oracle Data Provider for .NET, though successful attacks require human interaction from a person other than the attacker (Oracle CPU Jan 2023).

Technical details

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates Network attack vector, High attack complexity, No privileges required, User interaction required, Unchanged scope, and High impact on Confidentiality, Integrity, and Availability (Oracle CPU Jan 2023).

Impact

Successful exploitation of this vulnerability can result in complete takeover of Oracle Data Provider for .NET. The vulnerability affects both Oracle Database Server installations and client-only installations on the Windows platform (Oracle CPU Jan 2023).

Mitigation and workarounds

Oracle released patches for this vulnerability as part of its January 2023 Critical Patch Update. The fix is available for Oracle Database Server versions 19c and 21c. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible to address this vulnerability (Oracle CPU Jan 2023).

This report was generated using AI.
