{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T21:58:42.189","vulnerabilities":[{"cve":{"id":"CVE-2023-22071","sourceIdentifier":"secalert_us@oracle.com","published":"2023-10-17T22:15:12.837","lastModified":"2024-11-21T07:44:13.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PL/SQL component of Oracle Database Server.  Supported versions that are affected are 19.3-19.20 and  21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PL/SQL accessible data as well as  unauthorized read access to a subset of PL/SQL accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)."},{"lang":"es","value":"Vulnerabilidad en el componente PL/SQL de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.20 y 21.3-21.11. Una vulnerabilidad fácilmente explotable permite que un atacante con privilegios elevados que tenga privilegios de Create Session y ejecutar en sys.utl_http con acceso a la red a través de Oracle Net comprometa PL/SQL. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, si bien la vulnerabilidad está en PL/SQL, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualización, inserción o eliminación no autorizada de algunos datos accesibles de PL/SQL, así como un acceso de lectura no autorizado a un subconjunto de datos accesibles de PL/SQL y la capacidad no autorizada de causar una denegación parcial de servicio (parcial). DOS) de PL/SQL. CVSS 3.1 Puntuación base 5,9 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.7,"impactScore":3.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"19.3","versionEndIncluding":"19.20","matchCriteriaId":"32E02E1D-EF08-47A1-9095-06F9F2D8D268"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"21.3","versionEndIncluding":"21.11","matchCriteriaId":"84088F94-42E8-4553-AE33-A5C4E954C83F"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpuoct2023.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2023.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}