Oracle Database Server XML Database Component Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability has been identified in the XML Database component of Oracle Database Server. This issue affects versions 19.3 through 19.26, 21.3 through 21.17, and 23.4 through 23.7. The vulnerability allows a low-privileged attacker with User Account privileges and network access via HTTP to compromise XML Database. Exploitation of this vulnerability requires human interaction from a third party. While the vulnerability resides within XML Database, successful attacks could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to certain XML Database data, as well as unauthorized updates, inserts, or deletions of accessible data.

Impact

Exploitation of this vulnerability could allow for unauthorized read, write, or delete access to some data within XML Database, with potential significant impacts on additional products.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 5.0
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.