Vulnerability in Unified Audit Component of Oracle Database Server
CVE-2024-21058

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 16 April 2024

Summary

This vulnerability exists in the Unified Audit component of Oracle Database Server, affecting supported versions 19.3 to 19.22 and 21.3 to 21.13. A high-privileged attacker with SYSDBA access via Oracle Net can exploit this vulnerability to compromise Unified Audit functionality. Such exploitation can lead to unauthorized creation, deletion, or modification of critical data, posing a significant risk to the integrity and confidentiality of accessible data.

Affected Version(s)

Database - Enterprise Edition 19.3 <= 19.22

Database - Enterprise Edition 21.3 <= 21.13

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2024