CVE-2022-39419 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-39419 PUBLISHED CVSS 4.300000190734863 MEDIUM

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

EPSS 0.21% · 43.1th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.21%

43.1th percentile

Affected Products

Vendor	Product	Versions
oracle	java_virtual_machine	19c, 21c
Oracle Corporation	Database - Enterprise Edition	19c, 21c

Timeline

Oct 18, 2022 CVE Published
Oct 19, 2022 EPSS Score
Dec 1, 2022 EPSS Score
Jan 13, 2023 EPSS Score
Feb 26, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 10, 2023 EPSS Score
May 23, 2023 EPSS Score
Jul 5, 2023 EPSS Score
Aug 17, 2023 EPSS Score
Sep 29, 2023 EPSS Score
Nov 12, 2023 EPSS Score

References

Open in Interactive Console →