CVE-2024-21174

Summary

CVE-2024-21174 is a vulnerability affecting the Java VM component of Oracle Database Server. This issue impacts the versions 19.3-19.23, 21.3-21.14, and 23.4. A low-privileged attacker with Create Session and Create Procedure privileges, along with network access via Oracle Net, can exploit this difficulty-to-exploit flaw. Successful attacks could potentially lead to a partial denial of service (partial DOS) of the Java VM. The Base Score of this vulnerability, according to the Common Vulnerability Scoring System (CVSS) 3.1, is 3.1, with a focus on availability impacts. The attack vector is defined as network (N), adversary having high privileges (H), low privileges required for exploitation (L), no user interaction (N), and unchanged software (S). No data or confidentiality impacts (C:N, I:N) have been reported at this time.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.