CVE-2024-21242

{"id": "CVE-2024-21242", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2024-10-15T20:15:13.730", "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2024.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)."}, {"lang": "es", "value": "Vulnerabilidad en el componente XML Database de Oracle Database Server. Las versiones compatibles afectadas son 19.3-19.24, 21.3-21.15 y 23.4-23.5. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y privilegios de creaci\u00f3n de sesi\u00f3n con acceso a la red a trav\u00e9s de HTTP comprometa XML Database. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de XML Database. Puntuaci\u00f3n base de CVSS 3.1: 3,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)."}], "lastModified": "2024-10-21T16:17:57.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:xml_database:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C0CCB33-06E6-4FC9-9569-F49471A2A3A2", "versionEndIncluding": "19.24", "versionStartExcluding": "19.3"}, {"criteria": "cpe:2.3:a:oracle:xml_database:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7955AD5E-EE3E-4C09-BBF4-4B647CA46B14", "versionEndIncluding": "21.15", "versionStartExcluding": "21.3"}, {"criteria": "cpe:2.3:a:oracle:xml_database:23.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4833CB3-997B-48A2-9277-D8DE452FE626"}, {"criteria": "cpe:2.3:a:oracle:xml_database:23.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8394166-1DE0-4EC5-B2E9-EB0EBB153D2D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}