The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July CPU advisory.

  - Vulnerability in the Oracle Text (LibExpat) component of Oracle Database Server. Supported versions that     are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows low privileged     attacker having Create Session, Create Index privilege with network access via Oracle Net to compromise     Oracle Text (LibExpat). Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Oracle Text (LibExpat). (CVE-2022-43680)

  - Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions     that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option.
    Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Advanced Networking Option accessible data. (CVE-2023-21949)

  - Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are     affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged     attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit.
    Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification     access to critical data or all Unified Audit accessible data. (CVE-2023-22034)

  - Security-in-depth updates for CVE-2021-3520, CVE-2022-21189, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708,     CVE-2023-28709, CVE-2023-30533 and CVE-2023-34981

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Database Server (Jul 2023 CPU)

critical Nessus Plugin ID 178468

Version 1.7