CVE-2024-20903

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 17, 2024
Updated: Feb 20, 2024

Summary

CVE-2024-20903 is a newly discovered vulnerability affecting the Java VM component in Oracle Database Server. Affected versions include 19.3-19.21 and 21.3-21.12. This issue enables a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net to compromise the Java VM. Exploitation of this vulnerability may result in unauthorized access to critical data or all Java VM accessible data, leading to data integrity issues. The CVSS Base Score is 6.5, indicating a medium risk. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.
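To check a database against the preconditions in the summary (release range, Java VM installed, accounts holding both privileges), the following audit queries can be used. This is an added example, not vendor or advisory code; it assumes SELECT access to V$INSTANCE, DBA_REGISTRY, DBA_USERS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS.

```sql
-- Added audit example. Assumes a session that can read the V$ and DBA_* views.

-- 1. Does the release fall in the ranges listed above (19.3-19.21, 21.3-21.12)?
SELECT version_full,
       CASE
         WHEN (major_ver = 19 AND ru_ver BETWEEN 3 AND 21)
           OR (major_ver = 21 AND ru_ver BETWEEN 3 AND 12)
         THEN 'in listed affected range'
         ELSE 'outside listed range'
       END AS cve_2024_20903_range
FROM  (SELECT version_full,
              TO_NUMBER(REGEXP_SUBSTR(version_full, '[0-9]+', 1, 1)) AS major_ver,
              TO_NUMBER(REGEXP_SUBSTR(version_full, '[0-9]+', 1, 2)) AS ru_ver
       FROM   v$instance);

-- 2. Is the Java VM component installed in this database?
SELECT comp_id, comp_name, version, status
FROM   dba_registry
WHERE  comp_id = 'JAVAVM';

-- 3. Which non-Oracle-maintained accounts hold both CREATE SESSION and
--    CREATE PROCEDURE, whether granted directly, through nested roles,
--    or through PUBLIC?
WITH grants (grantee, privilege) AS (
  -- Anchor: direct grants of the two system privileges
  SELECT grantee, privilege
  FROM   dba_sys_privs
  WHERE  privilege IN ('CREATE SESSION', 'CREATE PROCEDURE')
  UNION ALL
  -- Recursive step: whoever was granted a role that carries the privilege
  SELECT rp.grantee, g.privilege
  FROM   dba_role_privs rp, grants g
  WHERE  g.grantee = rp.granted_role
)
SELECT u.username, u.account_status
FROM   dba_users u
JOIN   grants g ON g.grantee IN (u.username, 'PUBLIC')
WHERE  u.oracle_maintained = 'N'
GROUP  BY u.username, u.account_status
HAVING COUNT(DISTINCT g.privilege) = 2
ORDER  BY u.username;
```

In a multitenant database the DBA_* views describe the current container, so run the queries in each PDB that accepts Oracle Net connections.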
