Unauthenticated Network Access Vulnerability in Oracle Audit Vault and Database Firewall
CVE-2024-20909

7.5HIGH

Key Information:

Vendor: Oracle
Status: Audit Vault And Database Firewall
Vendor: CVE Published:; 17 February 2024

What is CVE-2024-20909?

A significant security vulnerability has been identified in Oracle Audit Vault and Database Firewall, specifically impacting versions 20.1 to 20.9. This issue allows an unauthenticated attacker with network access through Oracle Net to exploit the system, leading to unauthorized actions such as the creation, deletion, or modification of sensitive data. The unaddressed access can severely compromise the integrity of the data managed by the Oracle Audit Vault and Database Firewall, posing a noteworthy risk to data security. Organizations utilizing these versions are advised to review their configurations and apply necessary security measures as detailed in the Oracle Advisory.

Affected Version(s)

Audit Vault and Database Firewall 20.1 <= 20.9

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2024