CVE-2024-21126

Опубликовано: 16 июл. 2024

Источник: nvd

CVSS3: 5.8

EPSS Низкий

Описание

Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).

Ссылки

https://www.oracle.com/security-alerts/cpujul2024.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2024.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*

Версия от 19.3 (включая) до 19.23 (включая)

cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*

Версия от 21.3 (включая) до 21.14 (включая)

EPSS

Процентиль: 41%

0.00192

Низкий

5.8 Medium

CVSS3

Дефекты

CWE-400

Связанные уязвимости

GHSA-99h2-3927-3h39

CVSS3: 5.8

github

больше 1 года назад

BDU:2024-05516

CVSS3: 4.9

fstec