CVE-2023-21969
First published: Tue Apr 18 2023(Updated: )
Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in takeover of Oracle SQL Developer. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle SQL Developer | <23.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-21969?
CVE-2023-21969 is a vulnerability in Oracle SQL Developer related to its Installation component.
Which versions of Oracle SQL Developer are affected by CVE-2023-21969?
Versions of Oracle SQL Developer prior to 23.1.0 are affected by CVE-2023-21969.
How severe is CVE-2023-21969?
The severity of CVE-2023-21969 is medium, with a CVSS score of 6.7.
What is the impact of CVE-2023-21969?
CVE-2023-21969 allows a high-privileged attacker with logon access to compromise Oracle SQL Developer.
How can I fix CVE-2023-21969?
To fix CVE-2023-21969, users should upgrade Oracle SQL Developer to version 23.1.0 or newer.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- vendor/oracle
- canonical/oracle sql developer