CVE-2024-21251

CWE-2035 documents5 sources
Severity
3.1LOW
EPSS
0.3%
top 50.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Oracle Database ServerOracle Database Server
Timeline
PublishedOct 15

Description

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

NVDoracle/database_server19.319.24+2
CVEListV5oracle_corporation/oracle_database_server19.319.24+2

🔴Vulnerability Details

2
GHSA
GHSA-j9pm-88v7-rvp8: Vulnerability in the Java VM component of Oracle Database Server2024-10-15
CVEList
CVE-2024-21251: Vulnerability in the Java VM component of Oracle Database Server2024-10-15

📋Vendor Advisories

2
Oracle
Oracle Oracle Database Server Risk Matrix: Java VM — CVE-2024-212512024-10-15
Red Hat
Oracle Database Server: From CVEorg collector2024-10-15
CVE-2024-21251 (LOW CVSS 3.1) | Vulnerability in the Java VM compon | cvebase.io