Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpujan2024.html |
History
Wed, 27 Nov 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Oracle
Oracle database Server |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Oracle
Oracle database Server |
Thu, 07 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2024-02-17T01:49:51.064Z
Updated: 2024-11-07T17:07:07.583Z
Reserved: 2023-12-07T22:28:10.616Z
Link: CVE-2024-20903
Vulnrichment
Updated: 2024-08-01T22:06:37.268Z
NVD
Status : Analyzed
Published: 2024-02-17T02:15:45.470
Modified: 2024-11-27T16:32:13.240
Link: CVE-2024-20903
Redhat
No data.