CVE-2024-21251

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Oct 15, 2024

Summary

CVE-2024-21251 is a vulnerability found in the Java VM component of Oracle Database Server, affecting versions 19.3-19.24, 21.3-21.15, and 23.4-23.5. This vulnerability can be exploited by low-privileged attackers with Create Session and Create Procedure privileges who have network access via Oracle Net, allowing them to perform unauthorized updates, inserts, or deletions on Java VM accessible data. The CVSS 3.1 Base Score for this vulnerability is 3.1, indicating a low severity with integrity impacts but no confidentiality or availability concerns. To remediate this issue, organizations should update their affected Oracle Database Server versions as outlined in Oracle's security alerts. If left unaddressed, the vulnerability poses a risk of data integrity compromise within the organization’s database systems.
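
The exposure conditions in the summary (affected release, Java VM present, accounts holding both Create Session and Create Procedure) can be triaged from the data dictionary. The queries below are an added example, not taken from Oracle's advisory or from this page; they assume a session with read access to the DBA_* views and V$INSTANCE, and the filter that excludes Oracle-maintained accounts is an assumption you may want to drop.

```sql
-- Added triage example for CVE-2024-21251 (not from the advisory).
-- Run as a user that can read V$INSTANCE and the DBA_* dictionary views.

-- 1. Database release and Java VM component status.
--    Compare db_version with the affected ranges listed above:
--    19.3-19.24, 21.3-21.15, 23.4-23.5.
--    No JAVAVM row (NULL columns) means the component is not installed.
SELECT i.version_full AS db_version,
       r.comp_name,
       r.version      AS jvm_version,
       r.status       AS jvm_status
FROM   v$instance i
       LEFT JOIN dba_registry r ON r.comp_id = 'JAVAVM';

-- 2. Accounts that hold BOTH privileges named in the summary,
--    granted directly, through (nested) roles, or through PUBLIC.
WITH grants (grantee, privilege) AS (
    -- direct grants of the two privileges to users or roles
    SELECT grantee, privilege
    FROM   dba_sys_privs
    WHERE  privilege IN ('CREATE SESSION', 'CREATE PROCEDURE')
    UNION ALL
    -- walk role membership: whoever holds a role inherits its privileges
    SELECT rp.grantee, g.privilege
    FROM   dba_role_privs rp, grants g
    WHERE  rp.granted_role = g.grantee
)
SELECT u.username,
       u.account_status
FROM   dba_users u
       JOIN grants g ON g.grantee IN (u.username, 'PUBLIC')
WHERE  u.oracle_maintained = 'N'   -- assumption: review application accounts first
GROUP  BY u.username, u.account_status
HAVING COUNT(DISTINCT g.privilege) = 2
ORDER  BY u.username;
```

Accounts returned by the second query on an affected release with Java VM installed are the ones to review for least privilege while the update is scheduled.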
