Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/44233?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44233?format=api", "vulnerability_id": "VCID-ca52-ssv2-kyct", "summary": "Component takeover in Oracle Data Provider for .NET\nVulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET.", "aliases": [ { "alias": "CVE-2023-21893" }, { "alias": "GHSA-5pm2-9mr2-3frq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63637?format=api", "purl": "pkg:nuget/Oracle.ManagedDataAccess@19.18.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Oracle.ManagedDataAccess@19.18.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63638?format=api", "purl": "pkg:nuget/Oracle.ManagedDataAccess@21.9.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Oracle.ManagedDataAccess@21.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63616?format=api", "purl": "pkg:nuget/Oracle.ManagedDataAccess.Core@2.19.180", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Oracle.ManagedDataAccess.Core@2.19.180" }, { "url": "http://public2.vulnerablecode.io/api/packages/63617?format=api", "purl": "pkg:nuget/Oracle.ManagedDataAccess.Core@3.21.90", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Oracle.ManagedDataAccess.Core@3.21.90" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63635?format=api", "purl": "pkg:nuget/Oracle.ManagedDataAccess@19.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ca52-ssv2-kyct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Oracle.ManagedDataAccess@19.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63636?format=api", "purl": "pkg:nuget/Oracle.ManagedDataAccess@21.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ca52-ssv2-kyct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Oracle.ManagedDataAccess@21.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63614?format=api", "purl": "pkg:nuget/Oracle.ManagedDataAccess.Core@2.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ca52-ssv2-kyct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Oracle.ManagedDataAccess.Core@2.19.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63615?format=api", "purl": "pkg:nuget/Oracle.ManagedDataAccess.Core@3.21.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ca52-ssv2-kyct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Oracle.ManagedDataAccess.Core@3.21.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-21893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01134", "scoring_system": "epss", "scoring_elements": "0.78698", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-21893" }, { "reference_url": "https://www.nuget.org/packages/Oracle.ManagedDataAccess/21.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/Oracle.ManagedDataAccess/21.9.0" }, { "reference_url": "https://www.nuget.org/packages/Oracle.ManagedDataAccess.Core/3.21.90", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/Oracle.ManagedDataAccess.Core/3.21.90" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21893", "reference_id": "CVE-2023-21893", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21893" }, { "reference_url": "https://github.com/advisories/GHSA-5pm2-9mr2-3frq", "reference_id": "GHSA-5pm2-9mr2-3frq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5pm2-9mr2-3frq" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 284, "name": "Improper Access Control", "description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca52-ssv2-kyct" }