Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpuapr2024.html |
History
Fri, 06 Dec 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Oracle java Virtual Machine
|
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:oracle:java_virtual_machine:*:*:*:*:*:*:*:* | |
Vendors & Products |
Oracle java Virtual Machine
|
Wed, 06 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2024-04-16T21:26:29.704Z
Updated: 2024-11-06T15:07:55.850Z
Reserved: 2023-12-07T22:28:10.672Z
Link: CVE-2024-21093
Vulnrichment
Updated: 2024-08-01T22:13:42.568Z
NVD
Status : Analyzed
Published: 2024-04-16T22:15:29.680
Modified: 2024-12-06T17:03:13.813
Link: CVE-2024-21093
Redhat
No data.