Oracle Audit Vault and Database Firewall Vulnerability
CVE-2024-20910

3LOW

Key Information:

Vendor: Oracle
Status: Audit Vault And Database Firewall
Vendor: CVE Published:; 16 January 2024

What is CVE-2024-20910?

A vulnerability exists in Oracle Audit Vault and Database Firewall that could allow a high privileged attacker with network access via Oracle Net to compromise the system. This vulnerability could lead to unauthorized read access to sensitive data within Oracle Audit Vault and Database Firewall. While primarily associated with this product, successful exploitation may have repercussions across additional products due to the interconnected nature of database systems. It is critical for organizations utilizing affected versions to assess their security posture and implement appropriate mitigations to safeguard against potential attacks.

Affected Version(s)

Audit Vault and Database Firewall 20.1 <= 20.9

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 7, 2023