Unauthenticated Network Access Vulnerability in Oracle Audit Vault and Database Firewall
CVE-2024-20909
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 17 February 2024
Summary
A significant security vulnerability has been identified in Oracle Audit Vault and Database Firewall, specifically impacting versions 20.1 to 20.9. This issue allows an unauthenticated attacker with network access through Oracle Net to exploit the system, leading to unauthorized actions such as the creation, deletion, or modification of sensitive data. The unaddressed access can severely compromise the integrity of the data managed by the Oracle Audit Vault and Database Firewall, posing a noteworthy risk to data security. Organizations utilizing these versions are advised to review their configurations and apply necessary security measures as detailed in the Oracle Advisory.
Affected Version(s)
Audit Vault and Database Firewall 20.1 <= 20.9
References
CVSS V3.1
Timeline
Vulnerability published