CVE-2023-22075: 
Oracle Database Server vulnerability analysis and mitigation

A vulnerability has been identified in the Oracle Database Sharding component of Oracle Database Server, affecting versions 19.3-19.20 and 21.3-21.11. The vulnerability (CVE-2023-22075) was disclosed in October 2023 and requires high privileges with specific access requirements including Create Session, Create Any View, and Select Any Table privileges with network access via Oracle Net (Oracle CPU Oct 2023).

The vulnerability is characterized as easily exploitable but requires high privileges and human interaction from a person other than the attacker. It has been assigned a CVSS 3.1 Base Score of 2.4 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L. The attack vector is network-based, with low attack complexity, requiring high privileges and user interaction (Oracle CPU Oct 2023).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. The impact is limited to availability, with no direct effects on confidentiality or integrity (Oracle CPU Oct 2023).

Oracle has released patches for this vulnerability as part of the October 2023 Critical Patch Update. The fix is available for affected versions (19.3-19.20 and 21.3-21.11). Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible (Oracle CPU Oct 2023).

The vulnerability was reported by Emad Al-Mousa of Saudi Aramco, demonstrating active security research involvement from the energy sector (Oracle CPU Oct 2023).