CVE-2024-20924

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Audit Vault and Database Firewall. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2024.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:audit_vault_and_database_firewall:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-16 22:15

Updated : 2024-01-23 19:41

NVD link : CVE-2024-20924

Mitre link : CVE-2024-20924

CVE.ORG link : CVE-2024-20924

JSON object : View

Products Affected

oracle

audit_vault_and_database_firewall

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-20924", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}]}, "published": "2024-01-16T22:15:40.030", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Audit Vault and Database Firewall. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en Oracle Audit Vault y Database Firewall (componente: Firewall). Las versiones compatibles que se ven afectadas son 20.1-20.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de Oracle Net comprometa Oracle Audit Vault y Database Firewall. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Audit Vault y Database Firewall, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle Audit Vault y Database Firewall. CVSS 3.1 Puntuaci\u00f3n base 7,6 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."}], "lastModified": "2024-01-23T19:41:50.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:audit_vault_and_database_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF47D26F-BC93-45E7-AC9B-5BA8A41FA378", "versionEndIncluding": "20.9", "versionStartIncluding": "20.1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}