Vulnerability in Oracle Database Server Java VM Could Lead to Partial Denial of Service
CVE-2024-21174

3.1LOW

Key Information:

Vendor: Oracle
Status: Database - Enterprise Edition
Vendor: CVE Published:; 16 July 2024

What is CVE-2024-21174?

A vulnerability in the Java VM component of Oracle Database Server allows low privileged attackers to exploit network access. Required privileges include Create Session and Create Procedure, facilitating potential unauthorized actions within the database environment. Successful exploitation of this vulnerability can lead to a partial denial of service (DoS) affecting the Java VM, disrupting service availability for legitimate users.

Affected Version(s)

Database - Enterprise Edition 19.3 <= 19.23

Database - Enterprise Edition 21.3 <= 21.14

Database - Enterprise Edition 23.4

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2024