Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
References
Link | Resource |
---|---|
https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
31 Oct 2024, 13:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-203 |
21 Oct 2024, 18:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle
Oracle database Server |
|
References | () https://www.oracle.com/security-alerts/cpuoct2024.html - Vendor Advisory | |
CPE | cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo |
16 Oct 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Oct 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-15 20:15
Updated : 2024-10-31 13:35
NVD link : CVE-2024-21251
Mitre link : CVE-2024-21251
CVE.ORG link : CVE-2024-21251
JSON object : View
Products Affected
oracle
- database_server
CWE