Vulnerability in Oracle Database Firewall Affects Oracle's Security Solutions
CVE-2024-20924

7.6 HIGH

Key Information:

Vendor: Oracle
CVE Published: 16 January 2024

Summary

A vulnerability exists in Oracle's Audit Vault and Database Firewall that can potentially be exploited by a high-privileged attacker with network access via Oracle Net. The risk is significant because the impact may extend beyond Oracle Audit Vault and Database Firewall itself to additional products. Successful exploitation requires human interaction from a person other than the attacker, which makes an attack less straightforward but still concerning. An attacker who succeeds could potentially take over Oracle Audit Vault and Database Firewall, with substantial confidentiality, integrity, and availability consequences for organizations relying on these security solutions.

Affected Version(s)

Audit Vault and Database Firewall 20.1 <= 20.9

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
