CVE-2024-21123

Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure where Oracle Database Core executes to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

CVSS v3 2.3 LOW

2.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2024.html	Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2024.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*

History

18 Jun 2025, 20:22

Type	Values Removed	Values Added
First Time		Oracle database Server Oracle
CPE		cpe:2.3:a:oracle:database_server::::::::
References	~~() https://www.oracle.com/security-alerts/cpujul2024.html -~~	() https://www.oracle.com/security-alerts/cpujul2024.html - Vendor Advisory

Information

Published : 2024-07-16 23:15

Updated : 2025-06-18 20:22

NVD link : CVE-2024-21123

Mitre link : CVE-2024-21123

CVE.ORG link : CVE-2024-21123

JSON object : View

Products Affected

oracle

database_server

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2024-21123", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.8}]}, "published": "2024-07-16T23:15:11.810", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2024.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpujul2024.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure where Oracle Database Core executes to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Oracle Database Core de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.23. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con privilegios elevados tener privilegios SYSDBA e iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle Database Core para comprometer Oracle Database Core. Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n de acceso a algunos de los datos accesibles de Oracle Database Core. CVSS 3.1 Puntaje base 2.3 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)."}], "lastModified": "2025-06-18T20:22:51.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C97A084-C3BA-4B10-A9E9-58AC923A7C7D", "versionEndIncluding": "19.23", "versionStartIncluding": "19.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}