CVE-2023-22077: 
Oracle Database Server vulnerability analysis and mitigation

CVE-2023-22077 is a vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server, affecting versions 19.3-19.20 and 21.3-21.11. The vulnerability was disclosed in October 2023 as part of Oracle's Critical Patch Update. It is an easily exploitable vulnerability that allows high-privileged attackers with DBA account privileges to compromise the Oracle Database Recovery Manager through network access via Oracle Net (Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The attack requires network access via Oracle Net and high privileges (DBA account). The vulnerability is characterized by its low attack complexity and requires no user interaction (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. The impact is limited to availability, with no direct effects on confidentiality or integrity of the system (Oracle CPU).

Oracle has released security patches as part of the October 2023 Critical Patch Update to address this vulnerability. Organizations are strongly recommended to apply these security patches as soon as possible to affected Oracle Database Server versions 19.3-19.20 and 21.3-21.11 (Oracle CPU).