Vulnerability in Oracle Database Server RDBMS Component
CVE-2024-21066

4.2 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability in the RDBMS component of Oracle Database Server allows an attacker with authenticated user privileges to compromise the RDBMS. Successful exploitation requires human interaction from an unsuspecting user. Once the RDBMS is compromised, the attacker could gain unauthorized access to sensitive data, potentially including complete access to all data accessible through the RDBMS. Affected supported versions are 19.3 through 19.22 and 21.3 through 21.13. For more details, refer to Oracle's advisory.

Affected Version(s)

Database - Enterprise Edition 19.3 <= 19.22

Database - Enterprise Edition 21.3 <= 21.13

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
