Vulnerability in Oracle Database Sharding Component
CVE-2024-20995

2.4LOW

Key Information:

Vendor: Oracle
Status: Database Server
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-20995?

The Oracle Database Sharding component of Oracle Database Server contains an exploitable vulnerability that allows an attacker with DBA privileges and network access via Oracle Net to compromise the database. While successful exploitation requires human interaction from a different individual, the result can lead to unauthorized actions causing a partial denial of service on the Oracle Database Sharding. This vulnerability affects specific versions of the Oracle Database, including 19.3 to 19.22 and 21.3 to 21.13, making it critical for organizations to address this security concern promptly.

References

https://www.oracle.com/security-alerts/cpuapr2024.html

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2024