Lucene search
Georg JungZDI-23-488HistoryMay 01, 2023 - 12:00 a.m.
Oracle ODP.NET Managed Driver Improper Certificate Validation Vulnerability
2023-05-0100:00:00
Georg Jung
www.zerodayinitiative.com
51
oracle
odp.net
vulnerability
certificate validation
network security
EPSS
0.005
Percentile
75.6%
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of Oracle ODP.NET Managed Driver. An attacker must first obtain the ability to intercept and alter network traffic in order to exploit this vulnerability. The specific flaw exists within the ValidateRemoteCertificate function. The issue results from the lack of proper validation of the server certificate. An attacker can leverage this vulnerability to disclose communications between the client and the server or to insert fraudulent server responses.
Related
cve
cve
CVE-2023-21893
2023-01-18 00:15:17
prion
prion
Code injection
2023-01-18 00:15:00
vulnrichment
vulnrichment
CVE-2023-21893
2023-01-17 23:35:26
nvd
nvd
CVE-2023-21893
2023-01-18 00:15:17
osv
osv
Component takeover in Oracle Data Provider for .NET
2023-01-18 00:30:16
veracode
veracode
Access Restriction Bypass
2023-05-09 16:43:53
ibm
ibm
cvelist
cvelist
CVE-2023-21893
2023-01-17 23:35:26
github
github
Component takeover in Oracle Data Provider for .NET
2023-01-18 00:30:16
qualysblog
qualysblog
The January 2023 Oracle Critical Patch Update
2023-01-18 00:43:03
nessus
nessus
Oracle Database Server for Windows (Jan 2023 CPU)
2023-01-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00