VDB

CVE-2022-39419

CVE-2022-39419 PUBLISHED CVSS 4.300000190734863 MEDIUM

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

EPSS 0.21% · 43.3th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.21%
43.3th percentile

Affected Products

VendorProductVersions
oraclejava_virtual_machine19c, 21c
Oracle CorporationDatabase - Enterprise Edition21c, *

Exploit Intelligence

Timeline

  • Oct 18, 2022 CVE Published
  • Oct 19, 2022 EPSS Score
  • Dec 2, 2022 EPSS Score
  • Jan 15, 2023 EPSS Score
  • Feb 27, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 12, 2023 EPSS Score
  • May 26, 2023 EPSS Score
  • Jul 9, 2023 EPSS Score
  • Aug 21, 2023 EPSS Score
  • Oct 4, 2023 EPSS Score
  • Nov 17, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›