CVE-2023-22052: 
Oracle Database Server vulnerability analysis and mitigation

The vulnerability (CVE-2023-22052) affects the Java VM component of Oracle Database Server versions 19.3-19.19 and 21.3-21.10. It was disclosed in July 2023 as part of Oracle's Critical Patch Update. This is a difficult-to-exploit vulnerability that allows low-privileged attackers with Create Session and Create Procedure privileges to compromise the Java VM component through network access via multiple protocols (Oracle CPU July).

The vulnerability has a CVSS Base Score of 3.1 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires network access, has high attack complexity, requires low privileges, needs no user interaction, has unchanged scope, and can only impact integrity with no effects on confidentiality or availability (Oracle CPU July).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. The impact is limited to data integrity, with no impact on system confidentiality or availability (Oracle CPU July).

Oracle has released patches for this vulnerability as part of its July 2023 Critical Patch Update. Organizations running affected versions of Oracle Database Server (19.3-19.19 and 21.3-21.10) should apply these security patches as soon as possible (Oracle CPU July).