Database Integrity Vulnerability in Oracle Database Server
CVE-2024-21123

2.3LOW

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 16 July 2024

What is CVE-2024-21123?

A vulnerability in the Oracle Database Core component poses a risk for systems executing Oracle Database Server versions 19.3 to 19.23. This issue can be exploited by an attacker with SYSDBA privilege, enabling them to gain unauthorized access to the data within the Oracle Database Core. A successful exploit can lead to unauthorized operations such as updating, inserting, or deleting critical data. This scenario highlights the importance of securing database environments and restricting access based on the principles of least privilege. For further information, see the Oracle Advisory.

Affected Version(s)

Database - Enterprise Edition 19.3 <= 19.23

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2024