Oracle DB RDBMS 19.3-19.22/21.3-21.13 Vulnerable to Auth Priv Escalation
CVE-2024-21066 Published on April 16, 2024
Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the infrastructure where RDBMS executes to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).
Vulnerability Analysis
CVE-2024-21066 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2024-21066 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2024-21066
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-21066 are published in these products:
Affected Versions
Oracle Corporation Database - Enterprise Edition:- Version 19.3, <= 19.22 is affected.
- Version 21.3, <= 21.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.