CVE-2024-21126

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21126
Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).

5.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujul2024.html Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
History

18 Jun 2025, 20:23

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpujul2024.html - () https://www.oracle.com/security-alerts/cpujul2024.html - Vendor Advisory
First Time Oracle database Server
Oracle
CPE cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
Information

Published : 2024-07-16 23:15

Updated : 2025-06-18 20:23

NVD link : CVE-2024-21126

Mitre link : CVE-2024-21126

CVE.ORG link : CVE-2024-21126

JSON object : View

Products Affected

oracle

  • database_server
CWE
CWE-400

Uncontrolled Resource Consumption